CVE-2007-0045 — Cross-site Scripting in Adobe Acrobat

CWE-79 — Cross-site Scripting9 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

61.4%

top 1.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedJan 3

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX p…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDadobe/acrobat_reader7.0.8+27

▶NVDadobe/acrobat7.0.8+9

Patches

Patch: www.wisec.it ↗Patch: www.wisec.it ↗

🔴Vulnerability Details

GHSA

GHSA-p3hh-wqwj-xg68: Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8↗2022-05-01

▶

GHSA

GHSA-26rv-g5pr-54w8: Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with >, a different↗2022-05-01

▶

📋Vendor Advisories

Red Hat

file: // URL execution↗2007-02-28

▶

Red Hat

security flaw↗2007-01-03

▶

💬Community

Bugzilla

CVE-2007-0045 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)↗2007-01-11

▶

Bugzilla

CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)↗2007-01-05

▶