Summary
Detail | | | |
---|---|---|---|
Vendor | Adobe | First view | 2007-01-03 |
Product | Acrobat 3d | Last view | 2008-06-25 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
10 | 2008-06-25 | CVE-2008-2641 | Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method." |
5 | 2007-01-03 | CVE-2007-0048 | Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." |
4.3 | 2007-01-03 | CVE-2007-0045 | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." |
4.3 | 2007-01-03 | CVE-2007-0044 | Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:6348 | Adobe Reader and Acrobat DoS via long sequence of # (hash) characters |
oval:org.mitre.oval:def:9693 | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader P... |
oval:org.mitre.oval:def:6487 | Adobe Reader and Acrobat Multiple Vulnerabilities |
oval:org.mitre.oval:def:10042 | Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, ... |
oval:org.mitre.oval:def:22594 | ELSA-2008:0641: acroread security update (Critical) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
46548 | Adobe Reader/Acrobat Unspecified JavaScript Method Handling Arbitrary Code Ex... |
31596 | Adobe Acrobat Reader Plugin PDF URL Memory Corruption DoS |
31047 | Adobe Acrobat Reader Browser Plug-in PDF CSRF |
31046 | Adobe Acrobat Reader Browser Plug-in PDF XSS |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-27 | Name : Gentoo Security Advisory GLSA 200910-03 (acroread) File : nvt/glsa_200910_03.nasl |
2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:049 (acroread, acroread_ja) File : nvt/suse_sa_2009_049.nasl |
2009-10-10 | Name : SLES9: Security update for acroread File : nvt/sles9p5018489.nasl |
2009-01-28 | Name : SuSE Update for acroread SUSE-SA:2007:011 File : nvt/gb_suse_2007_011.nasl |
2008-10-04 | Name : Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux) File : nvt/gb_adobe_prdts_code_exec_vuln_lin.nasl |
2008-10-01 | Name : Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows) File : nvt/gb_adobe_prdts_code_exec_vuln_win.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-16 (acroread) File : nvt/glsa_200701_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-10 (acroread) File : nvt/glsa_200808_10.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1336-1 (mozilla-firefox) File : nvt/deb_1336_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Adobe Acrobat Plugin Universal cross-site scripting attempt RuleID : 9842 - Type : FILE-PDF - Revision : 11 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2007-0017.nasl - Type: ACT_GATHER_INFO |
2013-01-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2007-0021.nasl - Type: ACT_GATHER_INFO |
2011-01-27 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_acroread_ja-6585.nasl - Type: ACT_GATHER_INFO |
2011-01-27 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_acroread_ja-6584.nasl - Type: ACT_GATHER_INFO |
2011-01-27 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_acroread-6583.nasl - Type: ACT_GATHER_INFO |
2011-01-27 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_acroread-6582.nasl - Type: ACT_GATHER_INFO |
2009-10-30 | Name: The remote openSUSE host is missing a security update. File: suse_acroread-6588.nasl - Type: ACT_GATHER_INFO |
2009-10-26 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_acroread_ja-091022.nasl - Type: ACT_GATHER_INFO |
2009-10-26 | Name: The remote SuSE 11 host is missing a security update. File: suse_11_acroread-091022.nasl - Type: ACT_GATHER_INFO |
2009-10-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_1_acroread-091022.nasl - Type: ACT_GATHER_INFO |
2009-10-26 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200910-03.nasl - Type: ACT_GATHER_INFO |
2009-10-26 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_acroread-091022.nasl - Type: ACT_GATHER_INFO |
2009-10-14 | Name: The version of Adobe Acrobat on the remote Windows host is affected by multip... File: adobe_acrobat_apsb09-15.nasl - Type: ACT_GATHER_INFO |
2009-10-14 | Name: The PDF file viewer on the remote Windows host is affected by a memory corrup... File: adobe_reader_apsb09-15.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_11433.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_12211.nasl - Type: ACT_GATHER_INFO |
2009-08-28 | Name: The version of Adobe Acrobat on the remote Windows host is affected by multip... File: adobe_acrobat_709.nasl - Type: ACT_GATHER_INFO |
2009-08-28 | Name: The version of Adobe Acrobat on the remote Windows host is affected by a Java... File: adobe_acrobat_812_su1.nasl - Type: ACT_GATHER_INFO |
2009-08-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0144.nasl - Type: ACT_GATHER_INFO |
2009-08-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0641.nasl - Type: ACT_GATHER_INFO |
2009-07-21 | Name: The remote openSUSE host is missing a security update. File: suse_11_0_acroread-080722.nasl - Type: ACT_GATHER_INFO |
2009-01-31 | Name: The remote host contains a web browser that is affected by multiple vulnerabi... File: google_chrome_1_0_154_46.nasl - Type: ACT_GATHER_INFO |
2008-08-11 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200808-10.nasl - Type: ACT_GATHER_INFO |
2008-07-24 | Name: The remote openSUSE host is missing a security update. File: suse_acroread-5467.nasl - Type: ACT_GATHER_INFO |
2008-07-24 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_acroread-5466.nasl - Type: ACT_GATHER_INFO |