Vulnerability Details : CVE-2007-0044
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2007-0044
Probability of exploitation activity in the next 30 days: 91.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-0044
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
nvd@nist.gov |
CWE ids for CVE-2007-0044
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0044
- http://www.vupen.com/english/advisories/2007/0032
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://securitytracker.com/id?1017469
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/31266
- http://www.securityfocus.com/archive/1/455801/100/0/threaded
- http://www.securityfocus.com/bid/21858
- http://security.gentoo.org/glsa/glsa-200701-16.xml
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
-
http://securityreason.com/securityalert/2090
Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2008-0144.html
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042
-
http://www.wisec.it/vulns.php?page=9
Exploit;Patch
Products affected by CVE-2007-0044
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_3d:*:*:*:*:*:*:*:*