Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0044: Cross-Site Request Forgery in Adobe Acrobat

Severity: 4.3 MEDIUM (NVD)
EPSS: 39.9% (top 2.66%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jan 3; latest update May 1

Description

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: adobe/acrobat_reader 7.0.8 +15
NVD: adobe/acrobat 7.0.8 +9

Patches

🔴Vulnerability Details

1
GHSA
GHSA-f39f-q7vr-84pm: Adobe Acrobat Reader Plugin before 8 (2022-05-01)

💥Exploits & PoCs

1
Exploit-DB
Adobe Reader 9.1.3 Plugin - Cross-Site Scripting (2007-01-03)

📋Vendor Advisories

1
Red Hat
Acrobat Reader Universal CSRF and session riding (2007-01-03)

💬Community

2
Bugzilla
CVE-2007-0494 BIND dnssec denial of service (2007-01-29)
Bugzilla
CVE-2007-0044 Acrobat Reader Universal CSRF and session riding (2007-01-17)