Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2007-0044
HistoryJan 03, 2007 - 9:28 p.m.

CVE-2007-0044

2007-01-0321:28:00
CWE-352
mitre
web.nvd.nist.gov
42
adobe
acrobat reader
plugin
security vulnerability
csrf
session riding
remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.929

Percentile

99.0%

JSON

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka “Universal CSRF and session riding.”

Affected configurations

Nvd
Node
adobeacrobatRange7.0.8elements
OR
adobeacrobatMatch7.0professional
OR
adobeacrobatMatch7.0standard
OR
adobeacrobatMatch7.0.1professional
OR
adobeacrobatMatch7.0.1standard
OR
adobeacrobatMatch7.0.2professional
OR
adobeacrobatMatch7.0.2standard
OR
adobeacrobatMatch7.0.3professional
OR
adobeacrobatMatch7.0.3standard
OR
adobeacrobatMatch7.0.4professional
OR
adobeacrobatMatch7.0.4standard
OR
adobeacrobatMatch7.0.5professional
OR
adobeacrobatMatch7.0.5standard
OR
adobeacrobatMatch7.0.6professional
OR
adobeacrobatMatch7.0.6standard
OR
adobeacrobatMatch7.0.7professional
OR
adobeacrobatMatch7.0.7standard
OR
adobeacrobatMatch7.0.8professional
OR
adobeacrobatMatch7.0.8standard
OR
adobeacrobat_3d
OR
adobeacrobat_readerRange7.0.8
OR
adobeacrobat_readerMatch6.0
OR
adobeacrobat_readerMatch6.0.1
OR
adobeacrobat_readerMatch6.0.2
OR
adobeacrobat_readerMatch6.0.3
OR
adobeacrobat_readerMatch6.0.4
OR
adobeacrobat_readerMatch6.0.5
OR
adobeacrobat_readerMatch7.0
OR
adobeacrobat_readerMatch7.0.1
OR
adobeacrobat_readerMatch7.0.2
OR
adobeacrobat_readerMatch7.0.3
OR
adobeacrobat_readerMatch7.0.4
OR
adobeacrobat_readerMatch7.0.5
OR
adobeacrobat_readerMatch7.0.6
OR
adobeacrobat_readerMatch7.0.7
OR
adobeacrobat_readerMatch7.0.8
VendorProductVersionCPE
adobeacrobat*cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*
adobeacrobat7.0cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*
adobeacrobat7.0cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*
adobeacrobat7.0.1cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*
adobeacrobat7.0.1cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*
adobeacrobat7.0.2cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*
adobeacrobat7.0.2cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*
adobeacrobat7.0.3cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*
adobeacrobat7.0.3cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*
adobeacrobat7.0.4cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*
Rows per page:
1-10 of 361

Related

prion 1
exploitdb 1
nvd 1
cvelist 1
nessus 10
openvas 8
gentoo 1
checkpoint_advisories 1
suse 1
securityvulns 1
redhat 1
prion
prion
Cross site request forgery (csrf)
2007-01-03 21:28:00
exploitdb
exploitdb
Adobe Reader 9.1.3 Plugin - Cross-Site Scripting
2007-01-03 00:00:00
nvd
nvd
CVE-2007-0044
2007-01-03 21:28:00
cvelist
cvelist
CVE-2007-0044
2007-01-03 20:00:00
nessus
nessus
SUSE-SA:2007:011: acroread
2007-02-18 00:00:00
SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 2545)
2007-12-13 00:00:00
SuSE 10 Security Update : acroread (ZYPP Patch Number 2508)
2007-12-13 00:00:00
openvas
openvas
Adobe Reader Multiple Vulnerabilities (Jan 2007) - Mac OS X
2014-04-11 00:00:00
Adobe Reader Multiple Vulnerabilities (Jan 2007) - Linux
2014-04-11 00:00:00
Adobe Reader Multiple Vulnerabilities (Jan 2007) - Windows
2014-04-11 00:00:00
gentoo
gentoo
Adobe Acrobat Reader: Multiple vulnerabilities
2007-01-22 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Multiple Adobe Acrobat Vulnerabilities
2007-01-21 00:00:00
suse
suse
remote code execution in acroread
2007-01-22 18:37:17
securityvulns
securityvulns
Adobe reader plugin PDF files universal crossite scripting
2007-01-04 00:00:00
redhat
redhat
(RHSA-2008:0144) Critical: acroread security update
2008-02-22 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.929

Percentile

99.0%

JSON
Related for CVE-2007-0044
prion1exploitdb1nvd1cvelist1nessus10openvas8gentoo1checkpoint_advisories1suse1securityvulns1redhat1