CVE-2007-0046
published 2007-01-03CVE-2007-0046: Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary…
PriorityP357high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
55.68%
98.9th percentile
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat_reader | <= 7.0.8 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect javascript: URI scheme passed as a fragment/parameter to a hosted PDF file via the Acrobat Reader browser plugin, which may indicate exploitation of the XSS or double-free vulnerability. ↗
- →Monitor for javascript: URI calls to document.write delivered via FDF, XML, or XFDF AJAX request parameters to the Adobe Acrobat Reader Plugin, as this is the attack vector for the double-free code execution vulnerability. ↗
- ·Vulnerability affects Adobe Acrobat Reader Plugin versions before 8.0.0; Adobe Reader 7.0.9 was released as the fix for 7.x branch. Ensure plugin version is confirmed before applying detection logic. ↗
- ·No update for Adobe Acrobat Reader was available for Red Hat Enterprise Linux 3 at time of disclosure due to library dependency issues; detections on RHEL3 systems may need to account for continued exposure. ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2007-01-03·CVSS 7.5
CVE-2007-0046 [HIGH] security flaw
security flaw
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
GHSA
GHSA-q78c-5c63-6wq4: Double free vulnerability in the Adobe Acrobat Reader Plugin before 8
ghsa_unreviewed·2022-05-01
CVE-2007-0046 [HIGH] GHSA-q78c-5c63-6wq4: Double free vulnerability in the Adobe Acrobat Reader Plugin before 8
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
No detection rules found.
Bugzilla
CVE-2007-0046 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2007-0046 [HIGH] CVE-2007-0046 security flaw
CVE-2007-0046 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
Bugzilla
CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
bugzilla·2007-01-11·CVSS 9.3
CVE-2006-5857 [CRITICAL] CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
Adobe informed us of several security vulnerabilities in Adobe Reader 7.0.8 and
earlier. They are releasing Adobe Reader 7.0.9 which fixes these flaws.
Discussion:
Please note that at this time we do not have an update for Adobe Acrobat Reader
on Red Hat Enterprise Linux 3. This is because the binaries supplied by Adobe
now rely on newer versions of libraries than were shipped with Red Hat
Enterprise Linux 3. We are currently working through possible solutions to this
problem.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
Bugzilla
CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
bugzilla·2007-01-05·CVSS 9.3
CVE-2006-5857 [CRITICAL] CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
CVE-2006-5857 Multiple Acrobat vulnerabilities (CVE-2007-0045 CVE-2007-0046)
Adobe informed us of several security vulnerabilities in Adobe Reader 7.0.8 and
earlier. They are releasing Adobe Reader 7.0.9 which fixes these flaws.
Discussion:
These flaws also affect the Adobe Reader shipped with RHEL3.
---
Lifting embargo:
http://www.adobe.com/support/security/bulletins/apsb07-01.html
---
Please note that at this time we do not have an update for Adobe Acrobat Reader
on Red Hat Enterprise Linux 3. This is because the binaries supplied by Adobe
now rely on newer versions of libraries than were shipped with Red Hat
Enterprise Linux 3. We are currently working through possible solutions to this
problem.
---
An advisory has been issued which should help the problem
described in this bug
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfhttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlhttp://secunia.com/advisories/23691http://secunia.com/advisories/23812http://secunia.com/advisories/23877http://secunia.com/advisories/23882http://secunia.com/advisories/24533http://security.gentoo.org/glsa/glsa-200701-16.xmlhttp://securityreason.com/securityalert/2090http://securitytracker.com/id?1017469http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1http://www.adobe.com/support/security/bulletins/apsb07-01.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0021.htmlhttp://www.securityfocus.com/archive/1/455801/100/0/threadedhttp://www.vupen.com/english/advisories/2007/0032http://www.vupen.com/english/advisories/2007/0957http://www.wisec.it/vulns.php?page=9https://exchange.xforce.ibmcloud.com/vulnerabilities/31272https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684https://rhn.redhat.com/errata/RHSA-2007-0017.htmlhttp://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfhttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlhttp://secunia.com/advisories/23691http://secunia.com/advisories/23812http://secunia.com/advisories/23877http://secunia.com/advisories/23882http://secunia.com/advisories/24533http://security.gentoo.org/glsa/glsa-200701-16.xmlhttp://securityreason.com/securityalert/2090http://securitytracker.com/id?1017469http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1http://www.adobe.com/support/security/bulletins/apsb07-01.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0021.htmlhttp://www.securityfocus.com/archive/1/455801/100/0/threadedhttp://www.vupen.com/english/advisories/2007/0032http://www.vupen.com/english/advisories/2007/0957http://www.wisec.it/vulns.php?page=9https://exchange.xforce.ibmcloud.com/vulnerabilities/31272https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684https://rhn.redhat.com/errata/RHSA-2007-0017.html
2007-01-03
Published