CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score confidence: High

EPSS percentile: 99.1%

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka “Universal XSS (UXSS).”
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | acrobat | * | cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:* |
adobe | acrobat | 7.0 | cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:* |
adobe | acrobat | 7.0 | cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:* |
adobe | acrobat | 7.0.1 | cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:* |
adobe | acrobat | 7.0.1 | cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:* |
adobe | acrobat | 7.0.2 | cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:* |
adobe | acrobat | 7.0.2 | cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:* |
adobe | acrobat | 7.0.3 | cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:* |
adobe | acrobat | 7.0.3 | cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:* |
adobe | acrobat | 7.0.4 | cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:* |