CVE-2007-0044
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/29383 (unverified)
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://secunia.com/advisories/23812
http://secunia.com/advisories/23882
http://secunia.com/advisories/29065
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://www.securityfocus.com/archive/1/455801/100/0/threaded