CVE-2007-0046

Sažetak

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Reference

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://secunia.com/advisories/23691
http://secunia.com/advisories/23812
http://secunia.com/advisories/23877
http://secunia.com/advisories/23882
http://secunia.com/advisories/24533
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
http://www.adobe.com/support/security/bulletins/apsb07-01.html
http://www.redhat.com/support/errata/RHSA-2007-0021.html
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.vupen.com/english/advisories/2007/0032
http://www.vupen.com/english/advisories/2007/0957
http://www.wisec.it/vulns.php?page=9
https://exchange.xforce.ibmcloud.com/vulnerabilities/31272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684
https://rhn.redhat.com/errata/RHSA-2007-0017.html

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-10-2018 - 16:30

Objavljeno

03-01-2007 - 21:28