CVE-2007-0044: CSRF

First published: Wed Jan 03 2007(Updated: )

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• collector/nvd-historical
• agent/software-canonical-lookup-request
• collector/nvd-index
• agent/weakness
• agent/remedy
• agent/author
• agent/references
• agent/severity
• agent/softwarecombine
• agent/description
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/tags
• agent/event
• agent/first-publish-date
• agent/source
• vendor/adobe
• canonical/adobe acrobat reader
• version/adobe acrobat reader/7.0.6
• version/adobe acrobat reader/7.0.5
• version/adobe acrobat reader/7.0
• version/adobe acrobat reader/7.0.8
• version/adobe acrobat reader/6.0.3
• canonical/adobe acrobat 3d
• version/adobe acrobat reader/7.0.7
• version/adobe acrobat reader/7.0.3
• version/adobe acrobat reader/7.0.4
• version/adobe acrobat reader/7.0.2
• version/adobe acrobat reader/7.0.1
• version/adobe acrobat reader/6.0.1
• version/adobe acrobat reader/6.0.5
• version/adobe acrobat reader/6.0
• version/adobe acrobat reader/6.0.2
• version/adobe acrobat reader/6.0.4