PRIOn knowledge basePRION:CVE-2007-0045Cross site scripting
5.3 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.923 High
EPSS
Percentile
98.9%
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka “Universal XSS (UXSS).”
References
events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
secunia.com/advisories/23483
secunia.com/advisories/23691
secunia.com/advisories/23812
secunia.com/advisories/23877
secunia.com/advisories/23882
secunia.com/advisories/24457
secunia.com/advisories/24533
secunia.com/advisories/33754
security.gentoo.org/glsa/glsa-200701-16.xml
securityreason.com/securityalert/2090
securitytracker.com/id?1017469
securitytracker.com/id?1023007
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
www.adobe.com/support/security/advisories/apsa07-01.html
www.adobe.com/support/security/advisories/apsa07-02.html
www.adobe.com/support/security/bulletins/apsb07-01.html
www.adobe.com/support/security/bulletins/apsb09-15.html
www.disenchant.ch/blog/hacking-with-browser-plugins/34
www.gnucitizen.org/blog/danger-danger-danger/
www.gnucitizen.org/blog/universal-pdf-xss-after-party
www.kb.cert.org/vuls/id/815960
www.mozilla.org/security/announce/2007/mfsa2007-02.html
www.redhat.com/support/errata/RHSA-2007-0021.html
www.securityfocus.com/archive/1/455790/100/0/threaded
www.securityfocus.com/archive/1/455800/100/0/threaded
www.securityfocus.com/archive/1/455801/100/0/threaded
www.securityfocus.com/archive/1/455831/100/0/threaded
www.securityfocus.com/archive/1/455836/100/0/threaded
www.securityfocus.com/archive/1/455906/100/0/threaded
www.securityfocus.com/bid/21858
www.us-cert.gov/cas/techalerts/TA09-286B.html
www.vupen.com/english/advisories/2007/0032
www.vupen.com/english/advisories/2007/0957
www.vupen.com/english/advisories/2009/2898
www.wisec.it/vulns.php?page=9
exchange.xforce.ibmcloud.com/vulnerabilities/31271
googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
rhn.redhat.com/errata/RHSA-2007-0017.html
Related
5.3 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.923 High
EPSS
Percentile
98.9%