CVE-2007-0046

Adobe Acrobat Reader Plugin <8.0.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0046. PoCs published by Stefano Di Paola.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in Adobe Acrobat Reader's handling of PDF files. The vulnerability allows arbitrary script execution in the context of the affected site via a maliciously crafted URL.

Description

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Stefano Di Paola · textremotewindows

https://www.exploit-db.com/exploits/3084

View Code ZIP pw:eip

This is a writeup describing a cross-site scripting (XSS) vulnerability in Adobe Acrobat Reader's handling of PDF files. The vulnerability allows arbitrary script execution in the context of the affected site via a maliciously crafted URL.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Adobe Acrobat Reader (versions affected by CVE-2007-0046)

No auth needed

Prerequisites: A hosted PDF file accessible via a URL · Victim interaction to visit the crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24533

Exploit, Patch x_refsource_misc

http://www.wisec.it/vulns.php?page=9

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0021.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23691

Vendor Advisory vendor-advisory x_refsource_redhat

https://rhn.redhat.com/errata/RHSA-2007-0017.html

Various Sources x_refsource_misc

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23882

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/455801/100/0/threaded

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/0032

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2090

Various Sources vendor-advisory x_refsource_suse

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/0957

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23812

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1017469

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23877

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/31272

Various Sources x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb07-01.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200701-16.xml

Scores

EPSS 0.5568

EPSS Percentile 98.9%

Details

Status published

Products (1)

adobe/acrobat_reader < 7.0.8

Published Jan 03, 2007

Tracked Since Feb 18, 2026