fkie_cve-2007-0045
Vulnerability from fkie_nvd
Published
2007-01-03 21:28
Modified
2024-11-21 00:24
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."
References
cve@mitre.orghttp://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
cve@mitre.orghttp://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitre.orghttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitre.orghttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
cve@mitre.orghttp://secunia.com/advisories/23483Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23691Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23812Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23877Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/23882Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/24457Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/24533Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/33754Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200701-16.xml
cve@mitre.orghttp://securityreason.com/securityalert/2090
cve@mitre.orghttp://securitytracker.com/id?1017469
cve@mitre.orghttp://securitytracker.com/id?1023007
cve@mitre.orghttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
cve@mitre.orghttp://www.adobe.com/support/security/advisories/apsa07-01.htmlVendor Advisory
cve@mitre.orghttp://www.adobe.com/support/security/advisories/apsa07-02.html
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb07-01.html
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb09-15.html
cve@mitre.orghttp://www.disenchant.ch/blog/hacking-with-browser-plugins/34Exploit
cve@mitre.orghttp://www.gnucitizen.org/blog/danger-danger-danger/Exploit, Vendor Advisory
cve@mitre.orghttp://www.gnucitizen.org/blog/universal-pdf-xss-after-party
cve@mitre.orghttp://www.kb.cert.org/vuls/id/815960Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.mozilla.org/security/announce/2007/mfsa2007-02.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2007-0021.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/455790/100/0/threadedExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/455800/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/455801/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/455831/100/0/threadedExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/455836/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/455906/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/21858
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA09-286B.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0032Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0957Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2898Vendor Advisory
cve@mitre.orghttp://www.wisec.it/vulns.php?page=9Exploit, Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/31271
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
cve@mitre.orghttps://rhn.redhat.com/errata/RHSA-2007-0017.html
af854a3a-2127-422b-91ae-364da2661108http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
af854a3a-2127-422b-91ae-364da2661108http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
af854a3a-2127-422b-91ae-364da2661108http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23483Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23691Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23812Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23877Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23882Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24457Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24533Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33754Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200701-16.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2090
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017469
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023007
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/advisories/apsa07-01.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/advisories/apsa07-02.html
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb07-01.html
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-15.html
af854a3a-2127-422b-91ae-364da2661108http://www.disenchant.ch/blog/hacking-with-browser-plugins/34Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.gnucitizen.org/blog/danger-danger-danger/Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/815960Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0021.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455790/100/0/threadedExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455800/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455801/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455831/100/0/threadedExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455836/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/455906/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21858
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0032Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0957Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2898Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.wisec.it/vulns.php?page=9Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
af854a3a-2127-422b-91ae-364da2661108https://rhn.redhat.com/errata/RHSA-2007-0017.html
Impacted products
Vendor Product Version
adobe acrobat *
adobe acrobat 7.0
adobe acrobat 7.0
adobe acrobat 7.0.1
adobe acrobat 7.0.1
adobe acrobat 7.0.2
adobe acrobat 7.0.2
adobe acrobat 7.0.3
adobe acrobat 7.0.3
adobe acrobat 7.0.4
adobe acrobat 7.0.4
adobe acrobat 7.0.5
adobe acrobat 7.0.5
adobe acrobat 7.0.6
adobe acrobat 7.0.6
adobe acrobat 7.0.7
adobe acrobat 7.0.7
adobe acrobat 7.0.8
adobe acrobat 7.0.8
adobe acrobat_3d *
adobe acrobat_reader *
adobe acrobat_reader 6.0
adobe acrobat_reader 6.0.1
adobe acrobat_reader 6.0.2
adobe acrobat_reader 6.0.3
adobe acrobat_reader 6.0.4
adobe acrobat_reader 6.0.5
adobe acrobat_reader 7.0
adobe acrobat_reader 7.0.1
adobe acrobat_reader 7.0.2
adobe acrobat_reader 7.0.3
adobe acrobat_reader 7.0.4
adobe acrobat_reader 7.0.5
adobe acrobat_reader 7.0.6
adobe acrobat_reader 7.0.7
adobe acrobat_reader 7.0.8


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*",
              "matchCriteriaId": "70C786B9-7CEC-474E-B173-F2D9CD78E5B9",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*",
              "matchCriteriaId": "AC8F85CD-8371-4B36-8D6A-8B2CA580631B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*",
              "matchCriteriaId": "C74ECCD2-4E9B-407B-9B14-8A6FB4F768F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*",
              "matchCriteriaId": "FE88C274-CC72-4341-9BF6-1924054A12FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*",
              "matchCriteriaId": "507C02CF-7E81-4131-99DE-63E4EEC45F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*",
              "matchCriteriaId": "3D68FF87-5DCE-4D52-B95A-8ADB6F8C0DA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*",
              "matchCriteriaId": "47EBEF8E-3C53-41D5-B344-297ED7C432F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*",
              "matchCriteriaId": "DC0DF265-984D-462D-878E-612783BF0BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0335D33B-20D8-483F-AB5E-E2517F2F900D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*",
              "matchCriteriaId": "4B066C6A-E3ED-4E7B-BE5E-45CDBF1E8959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*",
              "matchCriteriaId": "2341215F-97A7-40B6-B618-7FF022C7CFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*",
              "matchCriteriaId": "D61F0564-59B9-4811-B7FD-BA044C6A94AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9C9A3E43-7334-44B0-BF01-04BB19B6FE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*",
              "matchCriteriaId": "D3E43C1B-D76D-4486-AE7A-943D34D0A92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*",
              "matchCriteriaId": "9F7310F9-CF09-4B83-B6CA-3FE6DBAB6008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*",
              "matchCriteriaId": "F52F86E7-E845-48A5-9CC4-98E6DAA43C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*",
              "matchCriteriaId": "32C79CBE-CE27-46B2-BD3C-D56DC62CBB46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*",
              "matchCriteriaId": "CC9D669B-7E9D-4F39-894A-D9438000F2B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*",
              "matchCriteriaId": "0D9CA54D-9D60-4064-B6AC-8CED8D064465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_3d:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA58F87E-2E6D-4837-85C9-0A94BB3D269A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD055652-DA7A-4881-ACD3-9D491821DC73",
              "versionEndIncluding": "7.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0BB7C0C-B1D6-4733-BA91-022A1A7FB2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B131DB8-4B6A-4AF2-8D5E-B5EA1AEBFB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9351C2-16ED-4766-B417-8DB3A8766C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74667860-0047-40AD-9468-860591BA9D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEA092A-5532-4DCC-B43D-7A8ECF07FA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9628AFF9-6EE1-4E85-858F-AE96EE64B7F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2D0266-6954-4DBA-9EEE-8BF73B39DD61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "24262AFA-2EC8-479E-8922-36DB4243E404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E62096-08B2-4722-A492-11E9A441E85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5370AC6-90EE-48EA-8DBD-54002B102F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36D10A8-D211-437D-98D8-9029D0A9CF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA55D00C-3629-48E4-8699-F62B8D703E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE5E1B7-7B91-4AE1-92AA-4F1763E1BA1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "623324C2-C8B5-4C3C-9C10-9677D5A6740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EAF5E3-F3B4-4AD3-B5F1-281AB0F9C57F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka \"Universal XSS (UXSS).\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) en Adobe Acrobat Reader Plugin anterior a versi\u00f3n 8.0.0, y posiblemente el plugin distribuido con Adobe Reader versi\u00f3n 7.x anterior a 7.1.4, versi\u00f3n 8.x anterior a 8.1.7, y versi\u00f3n 9.x anterior a 9.2, para Mozilla Firefox, Microsoft Internet Explorer versi\u00f3n 6 SP1, Google Chrome, Opera versi\u00f3n 8.5.4 build 770 y Opera versi\u00f3n 9.10.8679 en Windows permiten a los atacantes remotos inyectar JavaScript arbitrario y conducir otros ataques por medio de una URL .pdf con un javascript: o  URI res: con los par\u00e1metros (1) FDF, (2) XML y (3) AJAX XFDF, o (4) un identificador de anclaje arbitrariamente llamado name=URI, tambi\u00e9n se conoce como \"Universal XSS (UXSS)\"."
    }
  ],
  "id": "CVE-2007-0045",
  "lastModified": "2024-11-21T00:24:50.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-01-03T21:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23483"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23691"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23812"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23877"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23882"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24457"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24533"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33754"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2090"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/815960"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21858"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0032"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0957"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2898"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.wisec.it/vulns.php?page=9"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200701-16.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.338131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa07-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/advisories/apsa07-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb07-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.disenchant.ch/blog/hacking-with-browser-plugins/34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.gnucitizen.org/blog/danger-danger-danger/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnucitizen.org/blog/universal-pdf-xss-after-party"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/815960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-02.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/455790/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455800/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455801/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/455831/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455836/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/455906/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.wisec.it/vulns.php?page=9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rhn.redhat.com/errata/RHSA-2007-0017.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.