CVE-2007-0044

Currently unrated

Key Information:

Vendor: Adobe
Status: Acrobat; Acrobat Reader; Acrobat 3d
Vendor: CVE Published:; 3 January 2007

Summary

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

References

http://www.securityfocus.com/bid/21858

vdb-entryx_refsource_BID

http://events.ccc.de/congress/2006/Fahrplan/attachments/1...

x_refsource_MISC

http://secunia.com/advisories/23882

third-party-advisoryx_refsource_SECUNIA

EPSS Score

56% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 3, 2007
Vulnerability Reserved
Jan 3, 2007