CVE-2007-0048
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/01/2007
Last modified:
09/04/2025
Description
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:* | 7.0.8 (including) | |
| cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:* | ||
| cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
- http://osvdb.org/31596
- http://secunia.com/advisories/23812
- http://secunia.com/advisories/23882
- http://secunia.com/advisories/33754
- http://security.gentoo.org/glsa/glsa-200701-16.xml
- http://securityreason.com/securityalert/2090
- http://securitytracker.com/id?1017469=
- http://securitytracker.com/id?1023007=
- http://www.adobe.com/support/security/bulletins/apsb07-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-15.html
- http://www.securityfocus.com/archive/1/455801/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA09-286B.html
- http://www.vupen.com/english/advisories/2007/0032
- http://www.vupen.com/english/advisories/2009/2898
- http://www.wisec.it/vulns.php?page=9
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
- http://osvdb.org/31596
- http://secunia.com/advisories/23812
- http://secunia.com/advisories/23882
- http://secunia.com/advisories/33754
- http://security.gentoo.org/glsa/glsa-200701-16.xml
- http://securityreason.com/securityalert/2090
- http://securitytracker.com/id?1017469=
- http://securitytracker.com/id?1023007=
- http://www.adobe.com/support/security/bulletins/apsb07-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-15.html
- http://www.securityfocus.com/archive/1/455801/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA09-286B.html
- http://www.vupen.com/english/advisories/2007/0032
- http://www.vupen.com/english/advisories/2009/2898
- http://www.wisec.it/vulns.php?page=9
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31273
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348