Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1377 — Uncontrolled Resource Consumption in Adobe Acrobat Reader

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

5.0MEDIUMNVD

CNA9.3

EPSS

17.2%

top 4.97%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Acrobat Reader Mozilla Firefox Opera Browser

Timeline

PublishedMar 10

Latest updateMay 1

Description

AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox2.0.0.3

▶NVDadobe/acrobat_reader8.0

▶NVDopera/opera_browser9.2

🔴Vulnerability Details

GHSA

GHSA-jcvx-wgg4-cc84: AcroPDF↗2022-05-01

▶

CVEList

CVE-2007-1377: AcroPDF↗2007-03-10

▶

💥Exploits & PoCs

Exploit-DB

Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption↗2007-03-08

▶