CVE-2007-0045
published 2007-01-03CVE-2007-0045: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x…
PriorityP423medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
45.26%
98.6th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | <= 7.0.8 | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat_reader | <= 7.0.8 | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
| adobe | acrobat_reader | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests for .pdf URLs containing 'javascript:' or 'res:' URI schemes in query parameters (FDF, XML, XFDF) or anchor identifiers, which are the attack vectors for this Universal XSS (UXSS) vulnerability. ↗
- →The vulnerable component is the Adobe Acrobat Reader browser plugin (versions before 8.0.0, and Reader 7.x before 7.1.4, 8.x before 8.1.7, 9.x before 9.2). Detect presence of these plugin versions in browsers on Windows hosts. ↗
- →Exploitation targets the Adobe Reader plugin across multiple browsers (Firefox, IE6 SP1, Chrome, Opera). Alert on PDF files loaded via browser plugin that contain FDF, XML, or XFDF AJAX parameters with javascript: or res: URI schemes in the URL fragment or query string. ↗
- ·The vulnerability affects Adobe Acrobat Reader Plugin on Windows only; Linux/other platform deployments of the plugin are not confirmed affected by this specific UXSS vector. ↗
- ·Red Hat noted no update was available for Adobe Reader on RHEL3 at the time of disclosure due to library dependency issues, meaning patching coverage may be incomplete in legacy environments. ↗
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p3hh-wqwj-xg68: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8
ghsa_unreviewed·2022-05-01
CVE-2007-0045 [MEDIUM] CWE-79 GHSA-p3hh-wqwj-xg68: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
GHSA
GHSA-26rv-g5pr-54w8: Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with >, a different
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-1199 [MEDIUM] GHSA-26rv-g5pr-54w8: Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with >, a different
Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with >, a different issue than CVE-2007-0045.
Red Hat
file: // URL execution
vendor_redhat·2007-02-28·CVSS 4.3
CVE-2007-1199 [MEDIUM] file: // URL execution
file: // URL execution
Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with >, a different issue than CVE-2007-0045.
Statement: The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.
Red Hat
security flaw
vendor_redhat·2007-01-03·CVSS 4.3
CVE-2007-0045 [MEDIUM] security flaw
security flaw
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-0045 security flaw
bugzilla·2018-08-16·CVSS 4.3
CVE-2007-0045 [MEDIUM] CVE-2007-0045 security flaw
CVE-2007-0045 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
Bugzilla
CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
bugzilla·2007-01-11·CVSS 9.3
CVE-2006-5857 [CRITICAL] CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
Adobe informed us of several security vulnerabilities in Adobe Reader 7.0.8 and
earlier. They are releasing Adobe Reader 7.0.9 which fixes these flaws.
Discussion:
Please note that at this time we do not have an update for Adobe Acrobat Reader
on Red Hat Enterprise Linux 3. This is because the binaries supplied by Adobe
now rely on newer versions of libraries than were shipped with Red Hat
Enterprise Linux 3. We are currently working through possible solutions to this
problem.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
Bugzilla
CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
bugzilla·2007-01-05·CVSS 9.3
CVE-2006-5857 [CRITICAL] CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
Adobe informed us of several security vulnerabilities in Adobe Reader 7.0.8 and
earlier. They are releasing Adobe Reader 7.0.9 which fixes these flaws.
Discussion:
These flaws also affect the Adobe Reader shipped with RHEL3.
---
Lifting embargo:
http://www.adobe.com/support/security/bulletins/apsb07-01.html
---
Please note that at this time we do not have an update for Adobe Acrobat Reader
on Red Hat Enterprise Linux 3. This is because the binaries supplied by Adobe
now rely on newer versions of libraries than were shipped with Red Hat
Enterprise Linux 3. We are currently working through possible solutions to this
problem.
---
An advisory has been issued which should help the problem
described in this bug
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfhttp://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.htmlhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlhttp://secunia.com/advisories/23483http://secunia.com/advisories/23691http://secunia.com/advisories/23812http://secunia.com/advisories/23877http://secunia.com/advisories/23882http://secunia.com/advisories/24457http://secunia.com/advisories/24533http://secunia.com/advisories/33754http://security.gentoo.org/glsa/glsa-200701-16.xmlhttp://securityreason.com/securityalert/2090http://securitytracker.com/id?1017469http://securitytracker.com/id?1023007http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1http://www.adobe.com/support/security/advisories/apsa07-01.htmlhttp://www.adobe.com/support/security/advisories/apsa07-02.htmlhttp://www.adobe.com/support/security/bulletins/apsb07-01.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://www.disenchant.ch/blog/hacking-with-browser-plugins/34http://www.gnucitizen.org/blog/danger-danger-danger/http://www.gnucitizen.org/blog/universal-pdf-xss-after-partyhttp://www.kb.cert.org/vuls/id/815960http://www.mozilla.org/security/announce/2007/mfsa2007-02.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0021.htmlhttp://www.securityfocus.com/archive/1/455790/100/0/threadedhttp://www.securityfocus.com/archive/1/455800/100/0/threadedhttp://www.securityfocus.com/archive/1/455801/100/0/threadedhttp://www.securityfocus.com/archive/1/455831/100/0/threadedhttp://www.securityfocus.com/archive/1/455836/100/0/threadedhttp://www.securityfocus.com/archive/1/455906/100/0/threadedhttp://www.securityfocus.com/bid/21858http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.vupen.com/english/advisories/2007/0032http://www.vupen.com/english/advisories/2007/0957http://www.vupen.com/english/advisories/2009/2898http://www.wisec.it/vulns.php?page=9https://exchange.xforce.ibmcloud.com/vulnerabilities/31271https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693https://rhn.redhat.com/errata/RHSA-2007-0017.htmlhttp://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfhttp://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.htmlhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlhttp://secunia.com/advisories/23483http://secunia.com/advisories/23691http://secunia.com/advisories/23812http://secunia.com/advisories/23877http://secunia.com/advisories/23882http://secunia.com/advisories/24457http://secunia.com/advisories/24533http://secunia.com/advisories/33754http://security.gentoo.org/glsa/glsa-200701-16.xmlhttp://securityreason.com/securityalert/2090http://securitytracker.com/id?1017469http://securitytracker.com/id?1023007http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1http://www.adobe.com/support/security/advisories/apsa07-01.htmlhttp://www.adobe.com/support/security/advisories/apsa07-02.htmlhttp://www.adobe.com/support/security/bulletins/apsb07-01.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://www.disenchant.ch/blog/hacking-with-browser-plugins/34http://www.gnucitizen.org/blog/danger-danger-danger/http://www.gnucitizen.org/blog/universal-pdf-xss-after-partyhttp://www.kb.cert.org/vuls/id/815960http://www.mozilla.org/security/announce/2007/mfsa2007-02.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0021.htmlhttp://www.securityfocus.com/archive/1/455790/100/0/threadedhttp://www.securityfocus.com/archive/1/455800/100/0/threadedhttp://www.securityfocus.com/archive/1/455801/100/0/threadedhttp://www.securityfocus.com/archive/1/455831/100/0/threadedhttp://www.securityfocus.com/archive/1/455836/100/0/threadedhttp://www.securityfocus.com/archive/1/455906/100/0/threadedhttp://www.securityfocus.com/bid/21858http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.vupen.com/english/advisories/2007/0032http://www.vupen.com/english/advisories/2007/0957http://www.vupen.com/english/advisories/2009/2898http://www.wisec.it/vulns.php?page=9https://exchange.xforce.ibmcloud.com/vulnerabilities/31271https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693https://rhn.redhat.com/errata/RHSA-2007-0017.html
2007-01-03
Published