Skip to content
Saturday, December 6, 2025
Medium Published: Jan 03, 2007 Modified: Apr 09, 2025

CVE-2007-0045

4.3 CVSS SCORE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Share:

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

CVSS Vector Details

Attack Vector Network
Attack Complexity M
Confidentiality None
Integrity P
Availability None

Affected Software Configurations

  • a adobe acrobat * * elements * * * * *
  • a adobe acrobat 7.0 * professional * * * * *
  • a adobe acrobat 7.0 * standard * * * * *
  • a adobe acrobat 7.0.1 * professional * * * * *
  • a adobe acrobat 7.0.1 * standard * * * * *
  • a adobe acrobat 7.0.2 * professional * * * * *
  • a adobe acrobat 7.0.2 * standard * * * * *
  • a adobe acrobat 7.0.3 * professional * * * * *
  • a adobe acrobat 7.0.3 * standard * * * * *
  • a adobe acrobat 7.0.4 * professional * * * * *

Weaknesses (CWE)

  • CWE-79

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More
← Back to CVE Tracker