Vulnerability Details CVE-2007-0048
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.517
EPSS Ranking 97.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
- http://osvdb.org/31596
- http://secunia.com/advisories/23812
- http://secunia.com/advisories/23882
- http://secunia.com/advisories/33754
- http://security.gentoo.org/glsa/glsa-200701-16.xml
- http://securityreason.com/securityalert/2090
- http://securitytracker.com/id?1017469
- http://securitytracker.com/id?1023007
- http://www.adobe.com/support/security/bulletins/apsb07-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-15.html
- http://www.securityfocus.com/archive/1/455801/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA09-286B.html
- http://www.vupen.com/english/advisories/2007/0032
- http://www.vupen.com/english/advisories/2009/2898
- http://www.wisec.it/vulns.php?page=9
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
- http://osvdb.org/31596
- http://secunia.com/advisories/23812
- http://secunia.com/advisories/23882
- http://secunia.com/advisories/33754
- http://security.gentoo.org/glsa/glsa-200701-16.xml
- http://securityreason.com/securityalert/2090
- http://securitytracker.com/id?1017469
- http://securitytracker.com/id?1023007
- http://www.adobe.com/support/security/bulletins/apsb07-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-15.html
- http://www.securityfocus.com/archive/1/455801/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA09-286B.html
- http://www.vupen.com/english/advisories/2007/0032
- http://www.vupen.com/english/advisories/2009/2898
- http://www.wisec.it/vulns.php?page=9
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348
Products affected by CVE-2007-0048
-
cpe:2.3:a:adobe:acrobat:*
-
cpe:2.3:a:adobe:acrobat:7.0
-
cpe:2.3:a:adobe:acrobat:7.0.1
-
cpe:2.3:a:adobe:acrobat:7.0.2
-
cpe:2.3:a:adobe:acrobat:7.0.3
-
cpe:2.3:a:adobe:acrobat:7.0.4
-
cpe:2.3:a:adobe:acrobat:7.0.5
-
cpe:2.3:a:adobe:acrobat:7.0.6
-
cpe:2.3:a:adobe:acrobat:7.0.7
-
cpe:2.3:a:adobe:acrobat:7.0.8
-
cpe:2.3:a:adobe:acrobat_3d:-
-
cpe:2.3:a:adobe:acrobat_reader:-
-
cpe:2.3:a:adobe:acrobat_reader:3.0
-
cpe:2.3:a:adobe:acrobat_reader:3.01
-
cpe:2.3:a:adobe:acrobat_reader:3.02
-
cpe:2.3:a:adobe:acrobat_reader:4.0
-
cpe:2.3:a:adobe:acrobat_reader:4.0.5
-
cpe:2.3:a:adobe:acrobat_reader:4.0.5a
-
cpe:2.3:a:adobe:acrobat_reader:4.0.5c
-
cpe:2.3:a:adobe:acrobat_reader:4.5
-
cpe:2.3:a:adobe:acrobat_reader:5.0
-
cpe:2.3:a:adobe:acrobat_reader:5.0.10
-
cpe:2.3:a:adobe:acrobat_reader:5.0.11
-
cpe:2.3:a:adobe:acrobat_reader:5.0.5
-
cpe:2.3:a:adobe:acrobat_reader:5.0.6
-
cpe:2.3:a:adobe:acrobat_reader:5.0.7
-
cpe:2.3:a:adobe:acrobat_reader:5.0.9
-
cpe:2.3:a:adobe:acrobat_reader:5.1
-
cpe:2.3:a:adobe:acrobat_reader:6.0
-
cpe:2.3:a:adobe:acrobat_reader:6.0.1
-
cpe:2.3:a:adobe:acrobat_reader:6.0.2
-
cpe:2.3:a:adobe:acrobat_reader:6.0.3
-
cpe:2.3:a:adobe:acrobat_reader:6.0.4
-
cpe:2.3:a:adobe:acrobat_reader:6.0.5
-
cpe:2.3:a:adobe:acrobat_reader:7.0
-
cpe:2.3:a:adobe:acrobat_reader:7.0.1
-
cpe:2.3:a:adobe:acrobat_reader:7.0.2
-
cpe:2.3:a:adobe:acrobat_reader:7.0.3
-
cpe:2.3:a:adobe:acrobat_reader:7.0.4
-
cpe:2.3:a:adobe:acrobat_reader:7.0.5
-
cpe:2.3:a:adobe:acrobat_reader:7.0.6
-
cpe:2.3:a:adobe:acrobat_reader:7.0.7
-
cpe:2.3:a:adobe:acrobat_reader:7.0.8