CVE-2007-0045 in Acrobat Readerinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

01/02/2007

Disclosure

01/03/2007

Moderation

VulDB entry created

Entries

9: VDB-4043

CPE

ready

CWE

CWE-79 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.61361

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-0045
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-0045
CVE Details	https://www.cvedetails.com/cve/CVE-2007-0045/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!