Cross-Site Scripting Vulnerabilities in Adobe Acrobat Reader Plugin
CVE-2007-0045

Currently unrated

Key Information:

Vendor: Adobe
Status: Acrobat; Acrobat Reader; Acrobat 3d
Vendor: CVE Published:; 3 January 2007

Summary

The Adobe Acrobat Reader Plugin is vulnerable to multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary JavaScript code via a crafted .pdf URL containing malicious javascript: or res: URIs. This can lead to significant security risks through arbitrary parameter injection, including but not limited to FDF, XML, and XFDF AJAX parameters as well as specially named anchor identifiers. Users of Adobe Acrobat Reader on various browsers such as Mozilla Firefox, Microsoft Internet Explorer, Google Chrome, and Opera need to be aware of these vulnerabilities and ensure they are using updated versions to mitigate potential exploitation.

References

http://www.redhat.com/support/errata/RHSA-2007-0021.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/23691

third-party-advisoryx_refsource_SECUNIA

http://www.us-cert.gov/cas/techalerts/TA09-286B.html

third-party-advisoryx_refsource_CERT

EPSS Score

68% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 3, 2007
Vulnerability Reserved
Jan 3, 2007