cvelistv5 - cve-2007-0045

CVE-2007-0045 (GCVE-0-2007-0045)

Vulnerability from cvelistv5

Published

2007-01-03 20:00

Modified

2024-08-07 12:03

Severity ?

CWE

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

References

URL

Tags

	http://www.redhat.com/support/errata/RHSA-2007-0021.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/23691	third-party-advisory, x_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA09-286B.html	third-party-advisory, x_refsource_CERT
	https://rhn.redhat.com/errata/RHSA-2007-0017.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/21858	vdb-entry, x_refsource_BID
	http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html	x_refsource_CONFIRM
	http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf	x_refsource_MISC
	http://www.securityfocus.com/archive/1/455790/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://securitytracker.com/id?1023007	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/23882	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/455801/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2007/0032	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/24457	third-party-advisory, x_refsource_SECUNIA
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	vendor-advisory, x_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilities/31271	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/archive/1/455831/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.adobe.com/support/security/bulletins/apsb09-15.html	x_refsource_CONFIRM
	http://www.mozilla.org/security/announce/2007/mfsa2007-02.html	x_refsource_CONFIRM
	http://securityreason.com/securityalert/2090	third-party-advisory, x_refsource_SREASON
	http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html	vendor-advisory, x_refsource_SUSE
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/33754	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/0957	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/archive/1/455836/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/23812	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/455906/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://securitytracker.com/id?1017469	vdb-entry, x_refsource_SECTRACK
	http://www.adobe.com/support/security/advisories/apsa07-01.html	x_refsource_CONFIRM
	http://www.adobe.com/support/security/advisories/apsa07-02.html	x_refsource_CONFIRM
	http://secunia.com/advisories/23483	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/23877	third-party-advisory, x_refsource_SECUNIA
	http://www.gnucitizen.org/blog/universal-pdf-xss-after-party	x_refsource_MISC
	http://www.adobe.com/support/security/bulletins/apsb07-01.html	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693	vdb-entry, signature, x_refsource_OVAL
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487	vdb-entry, signature, x_refsource_OVAL
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2009/2898	vdb-entry, x_refsource_VUPEN
	http://www.gnucitizen.org/blog/danger-danger-danger/	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200701-16.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/24533	third-party-advisory, x_refsource_SECUNIA
	http://www.disenchant.ch/blog/hacking-with-browser-plugins/34	x_refsource_MISC
	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131	vendor-advisory, x_refsource_SLACKWARE
	http://www.kb.cert.org/vuls/id/815960	third-party-advisory, x_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/455800/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.wisec.it/vulns.php?page=9	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:37.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:0021",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
          },
          {
            "name": "23691",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23691"
          },
          {
            "name": "TA09-286B",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
          },
          {
            "name": "RHSA-2007:0017",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
          },
          {
            "name": "21858",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21858"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
          },
          {
            "name": "20070103 Universal XSS with PDF files: highly dangerous",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
          },
          {
            "name": "1023007",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023007"
          },
          {
            "name": "23882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23882"
          },
          {
            "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
          },
          {
            "name": "ADV-2007-0032",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0032"
          },
          {
            "name": "24457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24457"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "adobe-acrobat-pdf-xss(31271)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
          },
          {
            "name": "20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
          },
          {
            "name": "2090",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2090"
          },
          {
            "name": "SUSE-SA:2007:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
          },
          {
            "name": "102847",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
          },
          {
            "name": "33754",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33754"
          },
          {
            "name": "ADV-2007-0957",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0957"
          },
          {
            "name": "20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
          },
          {
            "name": "23812",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23812"
          },
          {
            "name": "20070104 Universal PDF XSS After Party",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
          },
          {
            "name": "1017469",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017469"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
          },
          {
            "name": "23483",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23483"
          },
          {
            "name": "23877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23877"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9693",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
          },
          {
            "name": "oval:org.mitre.oval:def:6487",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
          },
          {
            "name": "ADV-2009-2898",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2898"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
          },
          {
            "name": "GLSA-200701-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
          },
          {
            "name": "24533",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24533"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
          },
          {
            "name": "SSA:2007-066-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
          },
          {
            "name": "VU#815960",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/815960"
          },
          {
            "name": "20070103 Re: Universal XSS with PDF files: highly dangerous",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.wisec.it/vulns.php?page=9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka \"Universal XSS (UXSS).\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2007:0021",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
        },
        {
          "name": "23691",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23691"
        },
        {
          "name": "TA09-286B",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
        },
        {
          "name": "RHSA-2007:0017",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
        },
        {
          "name": "21858",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21858"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
        },
        {
          "name": "20070103 Universal XSS with PDF files: highly dangerous",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
        },
        {
          "name": "1023007",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023007"
        },
        {
          "name": "23882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23882"
        },
        {
          "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
        },
        {
          "name": "ADV-2007-0032",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0032"
        },
        {
          "name": "24457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24457"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "adobe-acrobat-pdf-xss(31271)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
        },
        {
          "name": "20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
        },
        {
          "name": "2090",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2090"
        },
        {
          "name": "SUSE-SA:2007:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
        },
        {
          "name": "102847",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
        },
        {
          "name": "33754",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33754"
        },
        {
          "name": "ADV-2007-0957",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0957"
        },
        {
          "name": "20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
        },
        {
          "name": "23812",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23812"
        },
        {
          "name": "20070104 Universal PDF XSS After Party",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
        },
        {
          "name": "1017469",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017469"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
        },
        {
          "name": "23483",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23483"
        },
        {
          "name": "23877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23877"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9693",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
        },
        {
          "name": "oval:org.mitre.oval:def:6487",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
        },
        {
          "name": "ADV-2009-2898",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2898"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
        },
        {
          "name": "GLSA-200701-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
        },
        {
          "name": "24533",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24533"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
        },
        {
          "name": "SSA:2007-066-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
        },
        {
          "name": "VU#815960",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/815960"
        },
        {
          "name": "20070103 Re: Universal XSS with PDF files: highly dangerous",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.wisec.it/vulns.php?page=9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0045",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka \"Universal XSS (UXSS).\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2007:0021",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
            },
            {
              "name": "23691",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23691"
            },
            {
              "name": "TA09-286B",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
            },
            {
              "name": "RHSA-2007:0017",
              "refsource": "REDHAT",
              "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
            },
            {
              "name": "21858",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21858"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
            },
            {
              "name": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf",
              "refsource": "MISC",
              "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
            },
            {
              "name": "20070103 Universal XSS with PDF files: highly dangerous",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
            },
            {
              "name": "1023007",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023007"
            },
            {
              "name": "23882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23882"
            },
            {
              "name": "20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
            },
            {
              "name": "ADV-2007-0032",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0032"
            },
            {
              "name": "24457",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24457"
            },
            {
              "name": "HPSBUX02153",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "adobe-acrobat-pdf-xss(31271)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
            },
            {
              "name": "20070103 Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-15.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
            },
            {
              "name": "2090",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2090"
            },
            {
              "name": "SUSE-SA:2007:011",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
            },
            {
              "name": "102847",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
            },
            {
              "name": "33754",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33754"
            },
            {
              "name": "ADV-2007-0957",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0957"
            },
            {
              "name": "20070103 RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
            },
            {
              "name": "23812",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23812"
            },
            {
              "name": "20070104 Universal PDF XSS After Party",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
            },
            {
              "name": "1017469",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017469"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa07-01.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa07-02.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
            },
            {
              "name": "23483",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23483"
            },
            {
              "name": "23877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23877"
            },
            {
              "name": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb07-01.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9693",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
            },
            {
              "name": "oval:org.mitre.oval:def:6487",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
            },
            {
              "name": "ADV-2009-2898",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2898"
            },
            {
              "name": "http://www.gnucitizen.org/blog/danger-danger-danger/",
              "refsource": "CONFIRM",
              "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
            },
            {
              "name": "GLSA-200701-16",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
            },
            {
              "name": "24533",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24533"
            },
            {
              "name": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34",
              "refsource": "MISC",
              "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
            },
            {
              "name": "SSA:2007-066-05",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
            },
            {
              "name": "VU#815960",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/815960"
            },
            {
              "name": "20070103 Re: Universal XSS with PDF files: highly dangerous",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
            },
            {
              "name": "http://www.wisec.it/vulns.php?page=9",
              "refsource": "MISC",
              "url": "http://www.wisec.it/vulns.php?page=9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0045",
    "datePublished": "2007-01-03T20:00:00.000Z",
    "dateReserved": "2007-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-07T12:03:37.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-445

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Adobe Reader et Adobe Acrobat, certaines permettant l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans Adobe Reader et Adobe Acrobat, certaines permettant l'exécution de code arbitraire à distance. Cet avis corrige l'alerte CERTA-2009-ALE-018 du 9 octobre 2009.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	Acrobat	Adobe Reader et Acrobat, versions 8.1.6 et antérieures, pour toutes les plateformes ;
Adobe	Acrobat	Adobe Reader et Acrobat, versions 9.1.3 et antérieures, pour toutes les plateformes ;
Adobe	Acrobat	Adobe Reader et Acrobat, versions 7.1.3 et antérieures, pour toutes les plateformes.

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB09-15 du 13 octobre 2009	None	vendor-advisory
Bulletin de sécurité Adobe apsb09-15 du 13 octobre 2009 :	-	other
Alerte du CERTA CERTA-2009-ALE-018 du 9 octobre 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Reader et Acrobat, versions 8.1.6 et ant\u00e9rieures, pour toutes les plateformes ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Reader et Acrobat, versions 9.1.3 et ant\u00e9rieures, pour toutes les plateformes ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Reader et Acrobat, versions 7.1.3 et ant\u00e9rieures, pour toutes les plateformes.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Reader et Adobe\nAcrobat, certaines permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\nCet avis corrige l\u0027alerte CERTA-2009-ALE-018 du 9 octobre 2009.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2984"
    },
    {
      "name": "CVE-2009-2995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2995"
    },
    {
      "name": "CVE-2009-2997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2997"
    },
    {
      "name": "CVE-2009-2983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2983"
    },
    {
      "name": "CVE-2009-3431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3431"
    },
    {
      "name": "CVE-2009-2979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2979"
    },
    {
      "name": "CVE-2009-3462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3462"
    },
    {
      "name": "CVE-2009-3459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3459"
    },
    {
      "name": "CVE-2009-2991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2991"
    },
    {
      "name": "CVE-2009-2564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2564"
    },
    {
      "name": "CVE-2007-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0045"
    },
    {
      "name": "CVE-2009-2988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2988"
    },
    {
      "name": "CVE-2009-3461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3461"
    },
    {
      "name": "CVE-2009-2985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2985"
    },
    {
      "name": "CVE-2009-2992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2992"
    },
    {
      "name": "CVE-2007-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0048"
    },
    {
      "name": "CVE-2009-2981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2981"
    },
    {
      "name": "CVE-2009-2989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2989"
    },
    {
      "name": "CVE-2009-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2982"
    },
    {
      "name": "CVE-2009-2993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2993"
    },
    {
      "name": "CVE-2009-2986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2986"
    },
    {
      "name": "CVE-2009-2994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2994"
    },
    {
      "name": "CVE-2009-2980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2980"
    },
    {
      "name": "CVE-2009-3458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3458"
    },
    {
      "name": "CVE-2009-2990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2990"
    },
    {
      "name": "CVE-2009-2996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2996"
    },
    {
      "name": "CVE-2009-3460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3460"
    },
    {
      "name": "CVE-2009-2998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2998"
    },
    {
      "name": "CVE-2009-2987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2987"
    }
  ],
  "initial_release_date": "2009-10-14T00:00:00",
  "last_revision_date": "2009-10-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb09-15 du 13 octobre 2009 :",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
    },
    {
      "title": "Alerte du CERTA CERTA-2009-ALE-018 du 9 octobre    2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-018/index.html"
    }
  ],
  "reference": "CERTA-2009-AVI-445",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Adobe Reader et Adobe\nAcrobat, certaines permettant l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Reader et Acrobat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB09-15 du 13 octobre 2009",
      "url": null
    }
  ]
}

CERTA-2007-AVI-024

Vulnerability from certfr_avis

Plusieurs vulnérabilités présentes dans Adobe Reader et Adobe Acrobat permettent des attaques de type Cross Site Scripting, un déni de service ou l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités sont présentes dans les produits Adobe Reader et Adobe Acrobat :

la première vulnérabilité permet à une personne malveillante de réaliser des attaques de type Cross Site Scripting en injectant du code JavaScript arbitraire par le biais d'adresses réticulaires (URL) spécialement conçues ;
la seconde permet à une personne malintentionnée de réaliser un déni de service par le biais d'une adresse réticulaire (URL) spécialement formatée ;
la troisième permet l'exécution de code arbitraire dans le contexte de l'utilisateur à l'aide d'un fichier PDF spécialement conçu.

Solution

Les versions 7.0.9 et 8 corrigent les problèmes. A ce jour, Adobe n'a pas encore mis à disposition un correctif pour Adobe Reader et Adobe Acrobat version 6.
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	Acrobat	Adobe Reader versions 7.0.8 et antérieures ;
	Adobe	Acrobat	Adobe Acrobat Standard et Professional versions 7.0.8 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe du 09 janvier 2007	None	vendor-advisory
Bulletin de sécurité Sun Solaris n˚102847 du 14 mars 2007 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2007:011 :	-	other
Bulletin de sécurité GLSA 200701-16 du 22 janvier 2007 de Gentoo :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0021-2 :	-	other
Bulletin de sécurité Red Hat RHSA-2007:0017-2 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Reader versions 7.0.8 et ant\u00e9rieures ;",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Acrobat Standard et Professional versions 7.0.8 et ant\u00e9rieures.",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans les produits Adobe\nReader et Adobe Acrobat :\n\n-   la premi\u00e8re vuln\u00e9rabilit\u00e9 permet \u00e0 une personne malveillante de\n    r\u00e9aliser des attaques de type Cross Site Scripting en injectant du\n    code JavaScript arbitraire par le biais d\u0027adresses r\u00e9ticulaires\n    (URL) sp\u00e9cialement con\u00e7ues ;\n-   la seconde permet \u00e0 une personne malintentionn\u00e9e de r\u00e9aliser un d\u00e9ni\n    de service par le biais d\u0027une adresse r\u00e9ticulaire (URL) sp\u00e9cialement\n    format\u00e9e ;\n-   la troisi\u00e8me permet l\u0027ex\u00e9cution de code arbitraire dans le contexte\n    de l\u0027utilisateur \u00e0 l\u0027aide d\u0027un fichier PDF sp\u00e9cialement con\u00e7u.\n\n## Solution\n\nLes versions 7.0.9 et 8 corrigent les probl\u00e8mes. A ce jour, Adobe n\u0027a\npas encore mis \u00e0 disposition un correctif pour Adobe Reader et Adobe\nAcrobat version 6.  \nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0046"
    },
    {
      "name": "CVE-2007-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0045"
    },
    {
      "name": "CVE-2007-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0048"
    },
    {
      "name": "CVE-2006-5857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5857"
    }
  ],
  "initial_release_date": "2007-01-10T00:00:00",
  "last_revision_date": "2007-03-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris n\u02da102847 du 14 mars 2007 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:011 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 GLSA 200701-16 du 22 janvier 2007 de    Gentoo :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-16.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0021-2 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0021.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2007:0017-2 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0017.html"
    }
  ],
  "reference": "CERTA-2007-AVI-024",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-10T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences \u00e0 Red Hat, Sun, SuSE, Gentoo.",
      "revision_date": "2007-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Attaques de type cross site scripting"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Adobe Reader et Adobe Acrobat\npermettent des attaques de type \u003cspan class=\"textit\"\u003eCross Site\nScripting\u003c/span\u003e, un d\u00e9ni de service ou l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Acrobat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 09 janvier 2007",
      "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0045 (GCVE-0-2007-0045)

Vulnerability from cvelistv5

CERTA-2009-AVI-445

Vulnerability from certfr_avis

Description

Solution

CERTA-2007-AVI-024

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature