CVE-2007-0048 Information

Description

Adobe Acrobat Reader Plugin before 8.0.0 and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4 8.x before 8.1.7 and 9.x before 9.2 when used with Internet Explorer Google Chrome or Opera allows remote attackers to cause a denial of service (memory consumption) via a long sequence of (hash) characters appended to a PDF URL related to a \cross-site scripting issue.\

Reference

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html http://osvdb.org/31596 http://secunia.com/advisories/23812 http://secunia.com/advisories/23882 http://secunia.com/advisories/33754 http://security.gentoo.org/glsa/glsa-200701-16.xml http://securityreason.com/securityalert/2090 http://securitytracker.com/id?1017469 http://securitytracker.com/id?1023007 http://www.adobe.com/support/security/bulletins/apsb07-01.html http://www.adobe.com/support/security/bulletins/apsb09-15.html http://www.securityfocus.com/archive/1/455801/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA09-286B.html http://www.vupen.com/english/advisories/2007/0032 http://www.vupen.com/english/advisories/2009/2898 http://www.wisec.it/vulns.php?page=9 https://exchange.xforce.ibmcloud.com/vulnerabilities/31273 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6348