CVE-2007-0048
First published: Wed Jan 03 2007(Updated: )
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | <=7.0.8 | |
| Adobe Acrobat Reader | =7.0 | |
| Adobe Acrobat Reader | =7.0 | |
| Adobe Acrobat Reader | =7.0.1 | |
| Adobe Acrobat Reader | =7.0.1 | |
| Adobe Acrobat Reader | =7.0.2 | |
| Adobe Acrobat Reader | =7.0.2 | |
| Adobe Acrobat Reader | =7.0.3 | |
| Adobe Acrobat Reader | =7.0.3 | |
| Adobe Acrobat Reader | =7.0.4 | |
| Adobe Acrobat Reader | =7.0.4 | |
| Adobe Acrobat Reader | =7.0.5 | |
| Adobe Acrobat Reader | =7.0.5 | |
| Adobe Acrobat Reader | =7.0.6 | |
| Adobe Acrobat Reader | =7.0.6 | |
| Adobe Acrobat Reader | =7.0.7 | |
| Adobe Acrobat Reader | =7.0.7 | |
| Adobe Acrobat Reader | =7.0.8 | |
| Adobe Acrobat Reader | =7.0.8 | |
| Adobe Acrobat 3D | ||
| Adobe Acrobat Reader Notification Manager | <=7.0.8 | |
| Adobe Acrobat Reader Notification Manager | =6.0 | |
| Adobe Acrobat Reader Notification Manager | =6.0.1 | |
| Adobe Acrobat Reader Notification Manager | =6.0.2 | |
| Adobe Acrobat Reader Notification Manager | =6.0.3 | |
| Adobe Acrobat Reader Notification Manager | =6.0.4 | |
| Adobe Acrobat Reader Notification Manager | =6.0.5 | |
| Adobe Acrobat Reader Notification Manager | =7.0 | |
| Adobe Acrobat Reader Notification Manager | =7.0.1 | |
| Adobe Acrobat Reader Notification Manager | =7.0.2 | |
| Adobe Acrobat Reader Notification Manager | =7.0.3 | |
| Adobe Acrobat Reader Notification Manager | =7.0.4 | |
| Adobe Acrobat Reader Notification Manager | =7.0.5 | |
| Adobe Acrobat Reader Notification Manager | =7.0.6 | |
| Adobe Acrobat Reader Notification Manager | =7.0.7 | |
| Adobe Acrobat Reader Notification Manager | =7.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
- http://osvdb.org/31596
- http://secunia.com/advisories/23812
- http://secunia.com/advisories/23882
- http://secunia.com/advisories/33754
- http://security.gentoo.org/glsa/glsa-200701-16.xml
- http://securityreason.com/securityalert/2090
- http://securitytracker.com/id?1017469
- http://securitytracker.com/id?1023007
- http://www.adobe.com/support/security/bulletins/apsb07-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-15.html
- http://www.securityfocus.com/archive/1/455801/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA09-286B.html
- http://www.vupen.com/english/advisories/2007/0032
- http://www.vupen.com/english/advisories/2009/2898
- http://www.wisec.it/vulns.php?page=9
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348
Frequently Asked Questions
What is the severity of CVE-2007-0048?
CVE-2007-0048 is classified as a denial of service vulnerability affecting Adobe Acrobat Reader.
How do I fix CVE-2007-0048?
To mitigate CVE-2007-0048, users should upgrade to Adobe Acrobat Reader version 8.1.7 or later.
What versions of Adobe software are affected by CVE-2007-0048?
CVE-2007-0048 affects Adobe Acrobat Reader versions 7.x prior to 7.1.4 and 8.x prior to 8.1.7.
Can CVE-2007-0048 be exploited remotely?
Yes, CVE-2007-0048 can be exploited remotely through the usage of malicious PDF files.
What impact does CVE-2007-0048 have on users?
The impact of CVE-2007-0048 includes memory consumption that can lead to application crashes in Adobe Acrobat Reader.
- agent/references
- agent/type
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/7.0.8
- version/adobe acrobat reader/7.0
- version/adobe acrobat reader/7.0.1
- version/adobe acrobat reader/7.0.2
- version/adobe acrobat reader/7.0.3
- version/adobe acrobat reader/7.0.4
- version/adobe acrobat reader/7.0.5
- version/adobe acrobat reader/7.0.6
- version/adobe acrobat reader/7.0.7
- canonical/adobe acrobat 3d
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/7.0.8
- version/adobe acrobat reader notification manager/6.0
- version/adobe acrobat reader notification manager/6.0.1
- version/adobe acrobat reader notification manager/6.0.2
- version/adobe acrobat reader notification manager/6.0.3
- version/adobe acrobat reader notification manager/6.0.4
- version/adobe acrobat reader notification manager/6.0.5
- version/adobe acrobat reader notification manager/7.0
- version/adobe acrobat reader notification manager/7.0.1
- version/adobe acrobat reader notification manager/7.0.2
- version/adobe acrobat reader notification manager/7.0.3
- version/adobe acrobat reader notification manager/7.0.4
- version/adobe acrobat reader notification manager/7.0.5
- version/adobe acrobat reader notification manager/7.0.6
- version/adobe acrobat reader notification manager/7.0.7