CVE-2007-0044

2007-01-0321:28:00

CWE-352

[email protected]

web.nvd.nist.gov

adobe

acrobat reader

plugin

security vulnerability

csrf

session riding

remote attack

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.929 High

EPSS

Percentile

99.0%

JSON

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka “Universal CSRF and session riding.”

CPENameOperatorVersion
adobe:acrobatadobe acrobateq7.0.6
adobe:acrobat_readeradobe acrobat readereq7.0.5
adobe:acrobat_readeradobe acrobat readereq7.0.6
adobe:acrobatadobe acrobateq7.0
adobe:acrobat_readeradobe acrobat readereq7.0.8
adobe:acrobatadobe acrobateq7.0.5
adobe:acrobat_readeradobe acrobat readereq6.0.3
adobe:acrobatadobe acrobatle7.0.8
adobe:acrobat_3dadobe acrobat 3deq*
adobe:acrobat_readeradobe acrobat readereq7.0.7

CPE	Name	Operator	Version
adobe:acrobat	adobe acrobat	eq	7.0.6
adobe:acrobat_reader	adobe acrobat reader	eq	7.0.5
adobe:acrobat_reader	adobe acrobat reader	eq	7.0.6
adobe:acrobat	adobe acrobat	eq	7.0
adobe:acrobat_reader	adobe acrobat reader	eq	7.0.8
adobe:acrobat	adobe acrobat	eq	7.0.5
adobe:acrobat_reader	adobe acrobat reader	eq	6.0.3
adobe:acrobat	adobe acrobat	le	7.0.8
adobe:acrobat_3d	adobe acrobat 3d	eq	*
adobe:acrobat_reader	adobe acrobat reader	eq	7.0.7