CVE-2007-0046

Current Description

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Basic Data

Published	January 03, 2007
Last Modified	October 16, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	PARTIAL
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	7.5
Severity	HIGH
Exploitability Score	10.0
Impact Score	6.4
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	true

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Including	Version Start Excluding	Version End Excluding
2.3	Application	Adobe	Acrobat Reader	*	*	*	*	*	*	*	*		7.0.8

Vulnerable Software List

Vendor	Product	Versions
Adobe	Acrobat Reader	*

References

Name	Source	URL	Tags
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf	http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf	MISC
SUSE-SA:2007:011	http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html	SUSE
23691	http://secunia.com/advisories/23691	SECUNIA
23812	http://secunia.com/advisories/23812	SECUNIA
23877	http://secunia.com/advisories/23877	SECUNIA
23882	http://secunia.com/advisories/23882	SECUNIA
24533	http://secunia.com/advisories/24533	SECUNIA
GLSA-200701-16	http://security.gentoo.org/glsa/glsa-200701-16.xml	GENTOO
2090	http://securityreason.com/securityalert/2090	SREASON
1017469	http://securitytracker.com/id?1017469	SECTRACK
102847	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1	SUNALERT
http://www.adobe.com/support/security/bulletins/apsb07-01.html	http://www.adobe.com/support/security/bulletins/apsb07-01.html	CONFIRM
RHSA-2007:0021	http://www.redhat.com/support/errata/RHSA-2007-0021.html	REDHAT
20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities	http://www.securityfocus.com/archive/1/455801/100/0/threaded	BUGTRAQ
ADV-2007-0032	http://www.vupen.com/english/advisories/2007/0032	VUPEN
ADV-2007-0957	http://www.vupen.com/english/advisories/2007/0957	VUPEN
http://www.wisec.it/vulns.php?page=9	http://www.wisec.it/vulns.php?page=9	MISC	Exploit Patch
adobe-acrobat-msvcrt-code-execution(31272)	https://exchange.xforce.ibmcloud.com/vulnerabilities/31272	XF
oval:org.mitre.oval:def:9684	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684	OVAL
RHSA-2007:0017	https://rhn.redhat.com/errata/RHSA-2007-0017.html	REDHAT