CVE-2007-1377

Adobe Acrobat Reader 8.0 - Denial of Service via Malformed PDF URL Anchor

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1377. PoCs published by shinnai.

AI-analyzed exploit summary This exploit targets a resource consumption vulnerability in Adobe PDF Reader's AcroPDF.dll (version 8.0.0.0) by injecting a large number of '%n' characters into the PDF URL fragment, causing the browser to hang and the AcroRd32.exe process to crash due to excessive CPU and memory usage.

Description

AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.

Exploits (1)

exploitdb WORKING POC VERIFIED
by shinnai · htmldoswindows
https://www.exploit-db.com/exploits/3430

This exploit targets a resource consumption vulnerability in Adobe PDF Reader's AcroPDF.dll (version 8.0.0.0) by injecting a large number of '%n' characters into the PDF URL fragment, causing the browser to hang and the AcroRd32.exe process to crash due to excessive CPU and memory usage.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Adobe PDF Reader plug-in AcroPDF.dll ver. 8.0.0.0
No auth needed
Prerequisites: A browser other than Internet Explorer (e.g., Firefox, Opera) · A hosted PDF file accessible via URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Broken Link, Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32896
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22856

Scores

EPSS 0.1961
EPSS Percentile 97.0%

Details

CWE
CWE-400
Status published
Products (4)
adobe/acrobat_reader 8.0
mozilla/firefox 2.0.0.3
netscape/navigator
opera/opera_browser 9.2
Published Mar 10, 2007
Tracked Since Feb 18, 2026