CVE-2007-0044

Current Description

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

Basic Data

Published: January 03, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-352
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Integrity Impact: PARTIAL (the I:P component of the vector string above)
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    The columns Language, SW Edition, Target SW, Target HW and Other are * (any) in every row; Version Start Including, Version Start Excluding and Version End Excluding are empty in every row.

    CPE Version  Part         Vendor  Product         Version  Update  Edition       Version End Including
    2.3          Application  Adobe   Acrobat         7.0      *       professional
    2.3          Application  Adobe   Acrobat         7.0      *       standard
    2.3          Application  Adobe   Acrobat         7.0.1    *       professional
    2.3          Application  Adobe   Acrobat         7.0.1    *       standard
    2.3          Application  Adobe   Acrobat         7.0.2    *       professional
    2.3          Application  Adobe   Acrobat         7.0.2    *       standard
    2.3          Application  Adobe   Acrobat         7.0.3    *       professional
    2.3          Application  Adobe   Acrobat         7.0.3    *       standard
    2.3          Application  Adobe   Acrobat         7.0.4    *       professional
    2.3          Application  Adobe   Acrobat         7.0.4    *       standard
    2.3          Application  Adobe   Acrobat         7.0.5    *       professional
    2.3          Application  Adobe   Acrobat         7.0.5    *       standard
    2.3          Application  Adobe   Acrobat         7.0.6    *       professional
    2.3          Application  Adobe   Acrobat         7.0.6    *       standard
    2.3          Application  Adobe   Acrobat         7.0.7    *       professional
    2.3          Application  Adobe   Acrobat         7.0.7    *       standard
    2.3          Application  Adobe   Acrobat         *        *       elements      7.0.8
    2.3          Application  Adobe   Acrobat         7.0.8    *       professional
    2.3          Application  Adobe   Acrobat         7.0.8    *       standard
    2.3          Application  Adobe   Acrobat 3d      *        *       *
    2.3          Application  Adobe   Acrobat Reader  6.0      *       *
    2.3          Application  Adobe   Acrobat Reader  6.0.1    *       *
    2.3          Application  Adobe   Acrobat Reader  6.0.2    *       *
    2.3          Application  Adobe   Acrobat Reader  6.0.3    *       *
    2.3          Application  Adobe   Acrobat Reader  6.0.4    *       *
    2.3          Application  Adobe   Acrobat Reader  6.0.5    *       *
    2.3          Application  Adobe   Acrobat Reader  7.0      *       *
    2.3          Application  Adobe   Acrobat Reader  7.0.1    *       *
    2.3          Application  Adobe   Acrobat Reader  7.0.2    *       *
    2.3          Application  Adobe   Acrobat Reader  7.0.3    *       *
    2.3          Application  Adobe   Acrobat Reader  7.0.4    *       *
    2.3          Application  Adobe   Acrobat Reader  7.0.5    *       *
    2.3          Application  Adobe   Acrobat Reader  7.0.6    *       *
    2.3          Application  Adobe   Acrobat Reader  7.0.7    *       *
    2.3          Application  Adobe   Acrobat Reader  *        *       *             7.0.8

Vulnerable Software List

Vendor  Product         Versions
Adobe   Acrobat 3d      *
Adobe   Acrobat         *, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8
Adobe   Acrobat Reader  *, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 7.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7

References

Each entry is listed as Name (Source) [Tags]: URL; entries without tags omit the brackets.

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf (MISC): http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
SUSE-SA:2007:011 (SUSE): http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
23812 (SECUNIA): http://secunia.com/advisories/23812
23882 (SECUNIA) [Vendor Advisory]: http://secunia.com/advisories/23882
29065 (SECUNIA) [Vendor Advisory]: http://secunia.com/advisories/29065
GLSA-200701-16 (GENTOO): http://security.gentoo.org/glsa/glsa-200701-16.xml
2090 (SREASON) [Vendor Advisory]: http://securityreason.com/securityalert/2090
1017469 (SECTRACK): http://securitytracker.com/id?1017469
RHSA-2008:0144 (REDHAT): http://www.redhat.com/support/errata/RHSA-2008-0144.html
20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities (BUGTRAQ): http://www.securityfocus.com/archive/1/455801/100/0/threaded
21858 (BID): http://www.securityfocus.com/bid/21858
ADV-2007-0032 (VUPEN): http://www.vupen.com/english/advisories/2007/0032
http://www.wisec.it/vulns.php?page=9 (MISC) [Exploit, Patch]: http://www.wisec.it/vulns.php?page=9
adobe-acrobat-pdf-csrf(31266) (XF): https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
oval:org.mitre.oval:def:10042 (OVAL): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042