CVE-2007-0048Cross-site Scripting in Adobe Acrobat

2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
53.5%
top 2.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Acrobat Reader
Timeline
PublishedJan 3
Latest updateMay 1

Description

Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDadobe/acrobat_reader7.0.8+15
NVDadobe/acrobat7.0.8+9

Patches

Patch: www.wisec.itPatch: www.wisec.it

🔴Vulnerability Details

1
GHSA
GHSA-2v7m-vcpp-x8c4: Adobe Acrobat Reader Plugin before 82022-05-01
CVE-2007-0048 — Cross-site Scripting in Adobe Acrobat | cvebase