CVE-2007-0044

Sažetak

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

Reference

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://secunia.com/advisories/23812
http://secunia.com/advisories/23882
http://secunia.com/advisories/29065
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://www.redhat.com/support/errata/RHSA-2008-0144.html
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.securityfocus.com/bid/21858
http://www.vupen.com/english/advisories/2007/0032
http://www.wisec.it/vulns.php?page=9
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

16-10-2018 - 16:30

Objavljeno

03-01-2007 - 21:28