CVE-2007-0045 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

Reference

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://secunia.com/advisories/23483
http://secunia.com/advisories/23691
http://secunia.com/advisories/23812
http://secunia.com/advisories/23877
http://secunia.com/advisories/23882
http://secunia.com/advisories/24457
http://secunia.com/advisories/24533
http://secunia.com/advisories/33754
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://securitytracker.com/id?1023007
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
http://www.adobe.com/support/security/advisories/apsa07-01.html
http://www.adobe.com/support/security/advisories/apsa07-02.html
http://www.adobe.com/support/security/bulletins/apsb07-01.html
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
http://www.gnucitizen.org/blog/danger-danger-danger/
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
http://www.kb.cert.org/vuls/id/815960
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.redhat.com/support/errata/RHSA-2007-0021.html
http://www.securityfocus.com/archive/1/455790/100/0/threaded
http://www.securityfocus.com/archive/1/455800/100/0/threaded
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.securityfocus.com/archive/1/455831/100/0/threaded
http://www.securityfocus.com/archive/1/455836/100/0/threaded
http://www.securityfocus.com/archive/1/455906/100/0/threaded
http://www.securityfocus.com/bid/21858
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
http://www.vupen.com/english/advisories/2007/0032
http://www.vupen.com/english/advisories/2007/0957
http://www.vupen.com/english/advisories/2009/2898
http://www.wisec.it/vulns.php?page=9
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6487
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9693
https://rhn.redhat.com/errata/RHSA-2007-0017.html
