CVE-2007-0045

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

References

http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html

http://secunia.com/advisories/23483

http://secunia.com/advisories/23691

http://secunia.com/advisories/23812

http://secunia.com/advisories/23877

http://secunia.com/advisories/23882

http://secunia.com/advisories/24457

http://secunia.com/advisories/24533

http://secunia.com/advisories/33754

http://security.gentoo.org/glsa/glsa-200701-16.xml

http://securityreason.com/securityalert/2090

http://securitytracker.com/id?1017469

http://securitytracker.com/id?1023007

https://exchange.xforce.ibmcloud.com/vulnerabilities/31271

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693

https://rhn.redhat.com/errata/RHSA-2007-0017.html

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1

http://www.adobe.com/support/security/advisories/apsa07-01.html

http://www.adobe.com/support/security/advisories/apsa07-02.html

http://www.adobe.com/support/security/bulletins/apsb07-01.html

http://www.adobe.com/support/security/bulletins/apsb09-15.html

http://www.kb.cert.org/vuls/id/815960

http://www.mozilla.org/security/announce/2007/mfsa2007-02.html

http://www.redhat.com/support/errata/RHSA-2007-0021.html

http://www.us-cert.gov/cas/techalerts/TA09-286B.html

http://www.vupen.com/english/advisories/2007/0032

http://www.vupen.com/english/advisories/2007/0957

http://www.vupen.com/english/advisories/2009/2898

Details

Source: Mitre, NVD

Published: 2007-01-03

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium