CVE-2007-0048
5
CVSS SCORE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Description
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P
Affected Software Configurations
- a adobe acrobat * * elements * * * * *
- a adobe acrobat 7.0 * professional * * * * *
- a adobe acrobat 7.0 * standard * * * * *
- a adobe acrobat 7.0.1 * professional * * * * *
- a adobe acrobat 7.0.1 * standard * * * * *
- a adobe acrobat 7.0.2 * professional * * * * *
- a adobe acrobat 7.0.2 * standard * * * * *
- a adobe acrobat 7.0.3 * professional * * * * *
- a adobe acrobat 7.0.3 * standard * * * * *
- a adobe acrobat 7.0.4 * professional * * * * *
Weaknesses (CWE)
- NVD-CWE-Other
References & External Links
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
- http://osvdb.org/31596
- http://secunia.com/advisories/23812
- http://secunia.com/advisories/23882
- http://secunia.com/advisories/33754
- http://security.gentoo.org/glsa/glsa-200701-16.xml
- http://securityreason.com/securityalert/2090
- http://securitytracker.com/id?1017469
- http://securitytracker.com/id?1023007
- http://www.adobe.com/support/security/bulletins/apsb07-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-15.html
- http://www.securityfocus.com/archive/1/455801/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA09-286B.html
- http://www.vupen.com/english/advisories/2007/0032
- http://www.vupen.com/english/advisories/2009/2898
- http://www.wisec.it/vulns.php?page=9
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
- http://osvdb.org/31596
- http://secunia.com/advisories/23812
- http://secunia.com/advisories/23882
- http://secunia.com/advisories/33754
- http://security.gentoo.org/glsa/glsa-200701-16.xml
- http://securityreason.com/securityalert/2090
- http://securitytracker.com/id?1017469
- http://securitytracker.com/id?1023007
- http://www.adobe.com/support/security/bulletins/apsb07-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-15.html
- http://www.securityfocus.com/archive/1/455801/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA09-286B.html
- http://www.vupen.com/english/advisories/2007/0032
- http://www.vupen.com/english/advisories/2009/2898
- http://www.wisec.it/vulns.php?page=9
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348