MitreCVELIST:CVE-2007-0044CVE-2007-0044
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka “Universal CSRF and session riding.”
References
events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
secunia.com/advisories/23812
secunia.com/advisories/23882
secunia.com/advisories/29065
security.gentoo.org/glsa/glsa-200701-16.xml
securityreason.com/securityalert/2090
securitytracker.com/id?1017469
www.redhat.com/support/errata/RHSA-2008-0144.html
www.securityfocus.com/archive/1/455801/100/0/threaded
www.securityfocus.com/bid/21858
www.vupen.com/english/advisories/2007/0032
www.wisec.it/vulns.php?page=9
exchange.xforce.ibmcloud.com/vulnerabilities/31266
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042
Related
