CVE-2007-0046
published 2007-01-03


Priority: P357, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 55.68% (98.9th percentile)
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Affected (1 range)

Vendor: adobe
Product: acrobat_reader
Version range: <= 7.0.8
Fixed in: -

Detection & IOCs (extracted from sources)

url: http://[host]/[filename].pdf#[some text]=javascript:[code]
  • Detect javascript: URI scheme passed as a fragment/parameter to a hosted PDF file via the Acrobat Reader browser plugin, which may indicate exploitation of the XSS or double-free vulnerability.
  • Monitor for javascript: URI calls to document.write delivered via FDF, XML, or XFDF AJAX request parameters to the Adobe Acrobat Reader Plugin, as this is the attack vector for the double-free code execution vulnerability.
  • The vulnerability affects Adobe Acrobat Reader Plugin versions before 8.0.0; Adobe Reader 7.0.9 was released as the fix for the 7.x branch. Confirm the plugin version before applying detection logic.
  • No update for Adobe Acrobat Reader was available for Red Hat Enterprise Linux 3 at the time of disclosure due to library dependency issues; detections on RHEL3 systems may need to account for continued exposure.
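
One way to apply the URL indicator above, as an added example that is not part of this entry or its sources. Because a URL fragment is never sent to the web server, the check runs over links taken from content (mail bodies, HTML pages, chat messages) rather than server access logs; the function names, the hypothetical host intranet.example and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Whitespace/control bytes are dropped so padded spellings such as
# "java%09script:" still match (deliberately conservative).
_IGNORED = re.compile(r"[\x00-\x20]+")
# javascript: at the start of the component or used as a parameter value.
_JS_VALUE = re.compile(r"(?:^|[=&])javascript:", re.IGNORECASE)

def _decode(text, rounds=3):
    """Percent-decode repeatedly (bounded) to undo nested encoding."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def is_suspicious_pdf_link(url):
    """True if url targets a .pdf and its fragment or query carries javascript: as a value."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed authority, nothing to match
        return False
    if not _decode(parts.path).lower().endswith(".pdf"):
        return False
    for component in (parts.fragment, parts.query):
        if _JS_VALUE.search(_IGNORED.sub("", _decode(component))):
            return True
    return False

def flag_links(urls):
    """Return the links that match, preserving input order."""
    return [u for u in urls if is_suspicious_pdf_link(u)]

# Constructed sample links (hypothetical host, harmless void(0) payloads).
SAMPLE_LINKS = [
    "http://intranet.example/docs/report.pdf#FDF=javascript:void(0)",
    "http://intranet.example/docs/report.PDF#xml=JaVaScRiPt:void(0)",
    "http://intranet.example/docs/report.pdf#XFDF=%6Aavascript%3Avoid(0)",
    "http://intranet.example/docs/report.pdf#FDF=java%09script:void(0)",
    "http://intranet.example/docs/report.pdf#page=4",
    "http://intranet.example/docs/report.pdf#note=about-javascript:-links",
    "http://intranet.example/help/javascript:basics.html",
]

if __name__ == "__main__":
    for link in flag_links(SAMPLE_LINKS):
        print("ALERT", link)
```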

CVSS provenance

nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat: 7.5 HIGH