DOM-Based Cross-Site Scripting Flaw in Adobe Acrobat Chrome Extension
CVE-2017-2929

6.1MEDIUM

Key Information:

Vendor

Adobe
Status
Adobe Acrobat Extension For Chrome 15.1.0.3
Vendor
CVE Published:
24 January 2017

What is CVE-2017-2929?

The Adobe Acrobat Chrome extension prior to version 15.1.0.3 is susceptible to a DOM-based cross-site scripting vulnerability. This security flaw allows attackers to inject and execute arbitrary JavaScript code within the context of the affected browser. Exploitation of this vulnerability could enable malicious actions, such as cookie theft or phishing attacks, targeting users who have the extension installed.

Affected Version(s)

Adobe Acrobat Extension for Chrome 15.1.0.3 Adobe Acrobat Extension for Chrome 15.1.0.3

References

http://www.securitytracker.com/id/1037687
vdb-entryx_refsource_SECTRACK
https://helpx.adobe.com/security/products/acrobat/apsb17-...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95693
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.