Vulnerability Description
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Acrobat | <= 7.0.8 |
| Adobe | Acrobat 3D | All versions |
| Adobe | Acrobat Reader | <= 7.0.8 |
References
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-a
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
- http://osvdb.org/31596
- http://secunia.com/advisories/23812
- http://secunia.com/advisories/23882
- http://secunia.com/advisories/33754
- http://security.gentoo.org/glsa/glsa-200701-16.xml
- http://securityreason.com/securityalert/2090
- http://securitytracker.com/id?1017469
- http://securitytracker.com/id?1023007
- http://www.adobe.com/support/security/bulletins/apsb07-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-15.html
- http://www.securityfocus.com/archive/1/455801/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlUS Government Resource
FAQ
What is CVE-2007-0048?
CVE-2007-0048 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome,...
How severe is CVE-2007-0048?
CVE-2007-0048 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0048?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Acrobat, Adobe Acrobat 3D, Adobe Acrobat Reader.