5

CVE-2007-0048

Exploit
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeAcrobat Editionelements Version <= 7.0.8
AdobeAcrobat Version7.0 Editionprofessional
AdobeAcrobat Version7.0 Editionstandard
AdobeAcrobat Version7.0.1 Editionprofessional
AdobeAcrobat Version7.0.1 Editionstandard
AdobeAcrobat Version7.0.2 Editionprofessional
AdobeAcrobat Version7.0.2 Editionstandard
AdobeAcrobat Version7.0.3 Editionprofessional
AdobeAcrobat Version7.0.3 Editionstandard
AdobeAcrobat Version7.0.4 Editionprofessional
AdobeAcrobat Version7.0.4 Editionstandard
AdobeAcrobat Version7.0.5 Editionprofessional
AdobeAcrobat Version7.0.5 Editionstandard
AdobeAcrobat Version7.0.6 Editionprofessional
AdobeAcrobat Version7.0.6 Editionstandard
AdobeAcrobat Version7.0.7 Editionprofessional
AdobeAcrobat Version7.0.7 Editionstandard
AdobeAcrobat Version7.0.8 Editionprofessional
AdobeAcrobat Version7.0.8 Editionstandard
AdobeAcrobat Reader Version <= 7.0.8
AdobeAcrobat Reader Version6.0
AdobeAcrobat Reader Version6.0.1
AdobeAcrobat Reader Version6.0.2
AdobeAcrobat Reader Version6.0.3
AdobeAcrobat Reader Version6.0.4
AdobeAcrobat Reader Version6.0.5
AdobeAcrobat Reader Version7.0
AdobeAcrobat Reader Version7.0.1
AdobeAcrobat Reader Version7.0.2
AdobeAcrobat Reader Version7.0.3
AdobeAcrobat Reader Version7.0.4
AdobeAcrobat Reader Version7.0.5
AdobeAcrobat Reader Version7.0.6
AdobeAcrobat Reader Version7.0.7
AdobeAcrobat Reader Version7.0.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 31.51% 0.981
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://secunia.com/advisories/23812
http://secunia.com/advisories/23882
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://www.adobe.com/support/security/bulletins/apsb07-01.html
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.vupen.com/english/advisories/2007/0032
http://www.wisec.it/vulns.php?page=9
Patch
Vendor Advisory
Exploit
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
http://secunia.com/advisories/33754
http://securitytracker.com/id?1023007
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
US Government Resource
http://www.vupen.com/english/advisories/2009/2898
http://osvdb.org/31596
https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348