CVE-2007-0046

Description

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

CVSS Metrics

• v2.0•HIGH•Score: 7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 64.86%• Percentile: 98%

Affected Systems

• adobe•acrobat reader

  ≤ 7.0.8

References (20)

• http://www.redhat.com/support/errata/RHSA-2007-0021.html
• http://secunia.com/advisories/23691
• https://rhn.redhat.com/errata/RHSA-2007-0017.html
• http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
• http://secunia.com/advisories/23882
• http://www.securityfocus.com/archive/1/455801/100/0/threaded
• http://www.vupen.com/english/advisories/2007/0032
• http://securityreason.com/securityalert/2090
• http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
• http://www.vupen.com/english/advisories/2007/0957
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9684
• http://secunia.com/advisories/23812
• http://securitytracker.com/id?1017469
• http://secunia.com/advisories/23877
• https://exchange.xforce.ibmcloud.com/vulnerabilities/31272
• http://www.adobe.com/support/security/bulletins/apsb07-01.html
• http://security.gentoo.org/glsa/glsa-200701-16.xml
• http://secunia.com/advisories/24533
• http://www.wisec.it/vulns.php?page=9