CVE-2007-0045

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

🔗 References (88)

cve@mitrehttp://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
cve@mitrehttp://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
cve@mitrehttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
cve@mitrehttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
cve@mitrehttp://secunia.com/advisories/23483
cve@mitrehttp://secunia.com/advisories/23691
cve@mitrehttp://secunia.com/advisories/23812
cve@mitrehttp://secunia.com/advisories/23877
cve@mitrehttp://secunia.com/advisories/23882
cve@mitrehttp://secunia.com/advisories/24457
cve@mitrehttp://secunia.com/advisories/24533
cve@mitrehttp://secunia.com/advisories/33754
cve@mitrehttp://security.gentoo.org/glsa/glsa-200701-16.xml
cve@mitrehttp://securityreason.com/securityalert/2090
cve@mitrehttp://securitytracker.com/id?1017469

Is Your Infrastructure Affected by CVE-2007-0045?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-0045

📅 Published

🔄 Last Modified

🔗 References (88)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-0045?