Lucene search

[email protected]NVD:CVE-2007-0048

HistoryJan 03, 2007 - 9:28 p.m.

CVE-2007-0048

2007-01-0321:28:00

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

High

0.777 High

EPSS

Percentile

98.2%

JSON

Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a “cross-site scripting issue.”

Affected configurations

NVD

Node

adobeacrobatRange≤7.0.8elements

adobeacrobatMatch7.0professional

adobeacrobatMatch7.0standard

adobeacrobatMatch7.0.1professional

adobeacrobatMatch7.0.1standard

adobeacrobatMatch7.0.2professional

adobeacrobatMatch7.0.2standard

adobeacrobatMatch7.0.3professional

adobeacrobatMatch7.0.3standard

adobeacrobatMatch7.0.4professional

adobeacrobatMatch7.0.4standard

adobeacrobatMatch7.0.5professional

adobeacrobatMatch7.0.5standard

adobeacrobatMatch7.0.6professional

adobeacrobatMatch7.0.6standard

adobeacrobatMatch7.0.7professional

adobeacrobatMatch7.0.7standard

adobeacrobatMatch7.0.8professional

adobeacrobatMatch7.0.8standard

adobeacrobat_3d

adobeacrobat_readerRange≤7.0.8

adobeacrobat_readerMatch6.0

adobeacrobat_readerMatch6.0.1

adobeacrobat_readerMatch6.0.2

adobeacrobat_readerMatch6.0.3

adobeacrobat_readerMatch6.0.4

adobeacrobat_readerMatch6.0.5

adobeacrobat_readerMatch7.0

adobeacrobat_readerMatch7.0.1

adobeacrobat_readerMatch7.0.2

adobeacrobat_readerMatch7.0.3

adobeacrobat_readerMatch7.0.4

adobeacrobat_readerMatch7.0.5

adobeacrobat_readerMatch7.0.6

adobeacrobat_readerMatch7.0.7

adobeacrobat_readerMatch7.0.8

References

events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf

googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html

lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html

osvdb.org/31596

secunia.com/advisories/23812

secunia.com/advisories/23882

secunia.com/advisories/33754

security.gentoo.org/glsa/glsa-200701-16.xml

securityreason.com/securityalert/2090

securitytracker.com/id?1017469

securitytracker.com/id?1023007

www.adobe.com/support/security/bulletins/apsb07-01.html

www.adobe.com/support/security/bulletins/apsb09-15.html

www.securityfocus.com/archive/1/455801/100/0/threaded

www.us-cert.gov/cas/techalerts/TA09-286B.html

www.vupen.com/english/advisories/2007/0032

www.vupen.com/english/advisories/2009/2898

www.wisec.it/vulns.php?page=9

exchange.xforce.ibmcloud.com/vulnerabilities/31273

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

High

0.777 High

EPSS

Percentile

98.2%

JSON

Related for NVD:CVE-2007-0048

cvelist1 prion1 cve1 openvas12 checkpoint_advisories2 chrome1 nessus20 gentoo2 kaspersky1 securityvulns1 suse2 seebug1