CVE-2007-0044

Exploit

EPSS 51.95%
Published 03.01.2007 21:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

Affected products Warnungen 0 Metrics 2 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Acrobat Editionelements Version <= 7.0.8

Adobe ≫ Acrobat Version7.0 Editionprofessional

Adobe ≫ Acrobat Version7.0 Editionstandard

Adobe ≫ Acrobat Version7.0.1 Editionprofessional

Adobe ≫ Acrobat Version7.0.1 Editionstandard

Adobe ≫ Acrobat Version7.0.2 Editionprofessional

Adobe ≫ Acrobat Version7.0.2 Editionstandard

Adobe ≫ Acrobat Version7.0.3 Editionprofessional

Adobe ≫ Acrobat Version7.0.3 Editionstandard

Adobe ≫ Acrobat Version7.0.4 Editionprofessional

Adobe ≫ Acrobat Version7.0.4 Editionstandard

Adobe ≫ Acrobat Version7.0.5 Editionprofessional

Adobe ≫ Acrobat Version7.0.5 Editionstandard

Adobe ≫ Acrobat Version7.0.6 Editionprofessional

Adobe ≫ Acrobat Version7.0.6 Editionstandard

Adobe ≫ Acrobat Version7.0.7 Editionprofessional

Adobe ≫ Acrobat Version7.0.7 Editionstandard

Adobe ≫ Acrobat Version7.0.8 Editionprofessional

Adobe ≫ Acrobat Version7.0.8 Editionstandard

Adobe ≫ Acrobat 3d

Adobe ≫ Acrobat Reader Version <= 7.0.8

Adobe ≫ Acrobat Reader Version6.0

Adobe ≫ Acrobat Reader Version6.0.1

Adobe ≫ Acrobat Reader Version6.0.2

Adobe ≫ Acrobat Reader Version6.0.3

Adobe ≫ Acrobat Reader Version6.0.4

Adobe ≫ Acrobat Reader Version6.0.5

Adobe ≫ Acrobat Reader Version7.0

Adobe ≫ Acrobat Reader Version7.0.1

Adobe ≫ Acrobat Reader Version7.0.2

Adobe ≫ Acrobat Reader Version7.0.3

Adobe ≫ Acrobat Reader Version7.0.4

Adobe ≫ Acrobat Reader Version7.0.5

Adobe ≫ Acrobat Reader Version7.0.6

Adobe ≫ Acrobat Reader Version7.0.7

Adobe ≫ Acrobat Reader Version7.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	51.95%	0.978

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html

http://secunia.com/advisories/23812

http://secunia.com/advisories/23882

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200701-16.xml

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf

http://secunia.com/advisories/29065

Vendor Advisory

http://securityreason.com/securityalert/2090

Vendor Advisory

http://securitytracker.com/id?1017469

http://www.redhat.com/support/errata/RHSA-2008-0144.html