CVE-2007-0044
CVE-2007-0044
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/29383não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfhttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlhttp://secunia.com/advisories/23812http://secunia.com/advisories/23882http://secunia.com/advisories/29065http://security.gentoo.org/glsa/glsa-200701-16.xmlhttp://securityreason.com/securityalert/2090http://securitytracker.com/id?1017469https://exchange.xforce.ibmcloud.com/vulnerabilities/31266https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042http://www.redhat.com/support/errata/RHSA-2008-0144.htmlhttp://www.securityfocus.com/archive/1/455801/100/0/threaded