CVE-2007-0044 Information

Description

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

Reference

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://secunia.com/advisories/23812
http://secunia.com/advisories/23882
http://secunia.com/advisories/29065
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.securityfocus.com/bid/21858
http://www.vupen.com/english/advisories/2007/0032
http://www.wisec.it/vulns.php?page=9
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10042
