CVE-2007-0046 Information

Description

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Reference

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://secunia.com/advisories/23691
http://secunia.com/advisories/23812
http://secunia.com/advisories/23877
http://secunia.com/advisories/23882
http://secunia.com/advisories/24533
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
http://www.adobe.com/support/security/bulletins/apsb07-01.html
http://www.redhat.com/support/errata/RHSA-2007-0021.html
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.vupen.com/english/advisories/2007/0032
http://www.vupen.com/english/advisories/2007/0957
http://www.wisec.it/vulns.php?page=9
https://exchange.xforce.ibmcloud.com/vulnerabilities/31272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684
https://rhn.redhat.com/errata/RHSA-2007-0017.html
