CVE-2007-0044

Adobe Acrobat < 7.0.8 - CSRF


Description

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stefano Di Paola · text · remote · linux
https://www.exploit-db.com/exploits/29383

References (15)

Core References
Various Sources vendor-advisory x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21858
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23882
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455801/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0032
Vendor Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2090
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23812
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017469
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29065
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200701-16.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0144.html
Exploit, Patch x_refsource_misc
http://www.wisec.it/vulns.php?page=9

Scores

EPSS 0.3986
EPSS Percentile 97.3%

Details

CWE
CWE-352
Status published
Products (27)
adobe/acrobat 7.0 (2 CPE variants)
adobe/acrobat 7.0.1 (2 CPE variants)
adobe/acrobat 7.0.2 (2 CPE variants)
adobe/acrobat 7.0.3 (2 CPE variants)
adobe/acrobat 7.0.4 (2 CPE variants)
adobe/acrobat 7.0.5 (2 CPE variants)
adobe/acrobat 7.0.6 (2 CPE variants)
adobe/acrobat 7.0.7 (2 CPE variants)
adobe/acrobat 7.0.8 (2 CPE variants)
adobe/acrobat < 7.0.8
... and 17 more
Published Jan 03, 2007
Tracked Since Feb 18, 2026