Security Flaw in Adobe Acrobat Reader Plugin for Major Browsers
CVE-2007-0044

Currently unrated

Key Information:

Vendor: Adobe
Status: Acrobat; Acrobat Reader; Acrobat 3d
Vendor: CVE Published:; 3 January 2007

Summary

The Adobe Acrobat Reader Plugin, prior to version 8.0.0, contains a vulnerability that allows remote attackers to exploit Cross-Site Request Forgery (CSRF) techniques. By manipulating AJAX request parameters in embedded URLs, attackers can leverage this flaw to trick the web browser into making unauthorized requests to other websites, potentially exposing sensitive user data and compromising session integrity. This vulnerability affects users employing various web browsers, including Firefox, Internet Explorer, and Opera.

References

http://www.securityfocus.com/bid/21858

vdb-entryx_refsource_BID

http://events.ccc.de/congress/2006/Fahrplan/attachments/1...

x_refsource_MISC

http://secunia.com/advisories/23882

third-party-advisoryx_refsource_SECUNIA

EPSS Score

54% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 3, 2007
Vulnerability Reserved
Jan 3, 2007