ID CVE-2007-0048
Summary Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:acrobat:7.0:-:professional
  • cpe:2.3:a:adobe:acrobat:7.0:-:standard
  • cpe:2.3:a:adobe:acrobat:7.0.1:-:professional
  • cpe:2.3:a:adobe:acrobat:7.0.1:-:standard
  • cpe:2.3:a:adobe:acrobat:7.0.2:-:professional
  • cpe:2.3:a:adobe:acrobat:7.0.2:-:standard
  • cpe:2.3:a:adobe:acrobat:7.0.3:-:professional
  • cpe:2.3:a:adobe:acrobat:7.0.3:-:standard
  • cpe:2.3:a:adobe:acrobat:7.0.4:-:professional
  • cpe:2.3:a:adobe:acrobat:7.0.4:-:standard
  • cpe:2.3:a:adobe:acrobat:7.0.5:-:professional
  • cpe:2.3:a:adobe:acrobat:7.0.5:-:standard
  • cpe:2.3:a:adobe:acrobat:7.0.6:-:professional
  • cpe:2.3:a:adobe:acrobat:7.0.6:-:standard
  • cpe:2.3:a:adobe:acrobat:7.0.7:-:professional
  • cpe:2.3:a:adobe:acrobat:7.0.7:-:standard
  • cpe:2.3:a:adobe:acrobat:7.0.8:-:elements
  • cpe:2.3:a:adobe:acrobat:7.0.8:-:professional
  • cpe:2.3:a:adobe:acrobat:7.0.8:-:standard
  • Adobe Acrobat 3D
    cpe:2.3:a:adobe:acrobat_3d
  • cpe:2.3:a:adobe:acrobat_reader:6.0
  • cpe:2.3:a:adobe:acrobat_reader:6.0.1
  • cpe:2.3:a:adobe:acrobat_reader:6.0.2
  • cpe:2.3:a:adobe:acrobat_reader:6.0.3
  • cpe:2.3:a:adobe:acrobat_reader:6.0.4
  • Adobe Acrobat Reader 6.0.5
    cpe:2.3:a:adobe:acrobat_reader:6.0.5
  • cpe:2.3:a:adobe:acrobat_reader:7.0
  • cpe:2.3:a:adobe:acrobat_reader:7.0.1
  • Adobe Acrobat Reader 7.0.2
    cpe:2.3:a:adobe:acrobat_reader:7.0.2
  • cpe:2.3:a:adobe:acrobat_reader:7.0.3
  • Adobe Acrobat Reader 7.0.4
    cpe:2.3:a:adobe:acrobat_reader:7.0.4
  • Adobe Acrobat Reader 7.0.5
    cpe:2.3:a:adobe:acrobat_reader:7.0.5
  • cpe:2.3:a:adobe:acrobat_reader:7.0.6
  • Adobe Acrobat Reader 7.0.7
    cpe:2.3:a:adobe:acrobat_reader:7.0.7
  • Adobe Acrobat Reader 7.0.8
    cpe:2.3:a:adobe:acrobat_reader:7.0.8
CVSS
Base: 5.0 (as of 03-01-2007 - 17:12)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200701-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200701-16 (Adobe Acrobat Reader: Multiple vulnerabilities) Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. The browser plugin released with Adobe Acrobat Reader (nppdf.so) does not properly handle URLs, and crashes if given a URL that is too long. The plugin does not correctly handle JavaScript, and executes JavaScript that is given as a GET variable to the URL of a PDF file. Lastly, the plugin does not properly handle the FDF, xml, xfdf AJAX request parameters following the # character in a URL, allowing for multiple cross-site scripting vulnerabilities. Impact : An attacker could entice a user to open a specially crafted PDF file and execute arbitrary code with the rights of the user running Adobe Acrobat Reader. An attacker could also entice a user to browse to a specially crafted URL and either crash the Adobe Acrobat Reader browser plugin, execute arbitrary JavaScript in the context of the user's browser, or inject arbitrary HTML or JavaScript into the document being viewed by the user. Note that users who have emerged Adobe Acrobat Reader with the 'nsplugin' USE flag disabled are not vulnerable to issues with the Adobe Acrobat Reader browser plugin. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 24252
    published 2007-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24252
    title GLSA-200701-16 : Adobe Acrobat Reader: Multiple vulnerabilities
  • NASL family Windows
    NASL id GOOGLE_CHROME_1_0_154_46.NASL
    description The version of Google Chrome installed on the remote host is earlier than 1.0.154.46. Such versions are reportedly affected by several issues : - Cross-site scripting vulnerabilities in the Adobe Reader Plugin itself could be leveraged using a PDF document to run scripts on arbitrary sites via Google Chrome. (CVE-2007-0048 and CVE-2007-0045) - A cross-domain security-bypass vulnerability that could allow an attacker to bypass the same-origin policy and gain access to potentially sensitive information. (CVE-2009-0276) - A remote attacker may be able to gain access to the 'Set-Cookie' and 'Set-Cookie2' response headers via XMLHttpRequest calls. (CVE-2009-0411)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 35558
    published 2009-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35558
    title Google Chrome < 1.0.154.46 Multiple Vulnerabilities
  • NASL family Windows
    NASL id ADOBE_READER_709.NASL
    description The version of Adobe Reader installed on the remote host is earlier than 7.0.9 / 8.0 and is, therefore, reportedly affected by several security issues, including one that can lead to arbitrary code execution when processing a malicious PDF file.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 24002
    published 2007-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24002
    title Adobe Reader < 6.0.6 / 7.0.9 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ACROREAD-2506.NASL
    description The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes the following security fixes : CVE-2006-5857: A memory corruption problem was fixed in Adobe Acrobat Reader that can potentially lead to code execution. CVE-2007-0044: Universal Cross Site Request Forgery (CSRF) problems were fixed in the Acrobat Reader plugin which could be exploited by remote attackers to conduct CSRF attacks using any site that is providing PDFs. CVE-2007-0045: Cross site scripting problems in the Acrobat Reader plugin were fixed, which could be exploited by remote attackers to conduct XSS attacks against any site that is providing PDFs. CVE-2007-0046: A double free problem in the Acrobat Reader plugin was fixed which could be used by remote attackers to potentially execute arbitrary code. Note that all platforms using Adobe Reader currently have countermeasures against such attacks where it will just cause a controlled abort(). CVE-2007-0047 and CVE-2007-0048 affect only Microsoft Windows and Internet Explorer.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27144
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27144
    title openSUSE 10 Security Update : acroread (acroread-2506)
  • NASL family Windows
    NASL id ADOBE_ACROBAT_709.NASL
    description The version of Adobe Acrobat installed on the remote host is earlier than 6.0.6 / 7.0.9 / 8.0 and thus reportedly is affected by several security issues, including one that can lead to arbitrary code execution when processing a malicious PDF file.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 40798
    published 2009-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40798
    title Adobe Acrobat < 6.0.6 / 7.0.9 Multiple Vulnerabilities
  • NASL family Windows
    NASL id ADOBE_PDF_PLUGIN_80.NASL
    description The version of Adobe PDF Plug-In installed on the remote host is earlier than 8.0 / 7.0.9 / 6.0.6 and reportedly fails to properly sanitize input to the 'FDF', 'XML', or 'XFDF' fields used by its 'Open Parameters' feature. By tricking a user into accessing a specially crafted link and depending on the browser with which the plugin is used, a remote attacker may be able to leverage these issues to conduct arbitrary code execution, denial of service, cross-site script forgery, or cross-site scripting attacks against a user on the remote host.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 23975
    published 2007-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23975
    title Adobe PDF Plug-In < 8.0 / 7.0.9 / 6.0.6 Multiple Vulnerabilities (APSB07-01)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200910-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200910-03 (Adobe Reader: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletin referenced below. Impact : A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, Denial of Service, the creation of arbitrary files on the victim's system, 'Trust Manager' bypass, or social engineering attacks. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 42239
    published 2009-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42239
    title GLSA-200910-03 : Adobe Reader: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ACROREAD_JA-6585.NASL
    description Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048 / CVE-2007-0045 / CVE-2009-2564 / CVE-2009-2979 / CVE-2009-2980 / CVE-2009-2981 / CVE-2009-2982 / CVE-2009-2983 / CVE-2009-2985 / CVE-2009-2986 / CVE-2009-2988 / CVE-2009-2990 / CVE-2009-2991 / CVE-2009-2992 / CVE-2009-2993 / CVE-2009-2994 / CVE-2009-2996 / CVE-2009-2997 / CVE-2009-2998 / CVE-2009-3431 / CVE-2009-3458 / CVE-2009-3459 / CVE-2009-3462)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51709
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51709
    title SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6585)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ACROREAD_JA-6584.NASL
    description Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048 / CVE-2007-0045 / CVE-2009-2564 / CVE-2009-2979 / CVE-2009-2980 / CVE-2009-2981 / CVE-2009-2982 / CVE-2009-2983 / CVE-2009-2985 / CVE-2009-2986 / CVE-2009-2988 / CVE-2009-2990 / CVE-2009-2991 / CVE-2009-2992 / CVE-2009-2993 / CVE-2009-2994 / CVE-2009-2996 / CVE-2009-2997 / CVE-2009-2998 / CVE-2009-3431 / CVE-2009-3458 / CVE-2009-3459 / CVE-2009-3462)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51708
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51708
    title SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6584)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_ACROREAD-091022.NASL
    description Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048, CVE-2007-0045, CVE-2009-2564, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2982, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2988, CVE-2009-2990, CVE-2009-2991, CVE-2009-2992, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42247
    published 2009-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42247
    title openSUSE Security Update : acroread (acroread-1426)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_ACROREAD-091022.NASL
    description Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048, CVE-2007-0045, CVE-2009-2564, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2982, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2988, CVE-2009-2990, CVE-2009-2991, CVE-2009-2992, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42244
    published 2009-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42244
    title openSUSE Security Update : acroread (acroread-1426)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_ACROREAD-091022.NASL
    description Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048 / CVE-2007-0045 / CVE-2009-2564 / CVE-2009-2979 / CVE-2009-2980 / CVE-2009-2981 / CVE-2009-2982 / CVE-2009-2983 / CVE-2009-2985 / CVE-2009-2986 / CVE-2009-2988 / CVE-2009-2990 / CVE-2009-2991 / CVE-2009-2992 / CVE-2009-2993 / CVE-2009-2994 / CVE-2009-2996 / CVE-2009-2997 / CVE-2009-2998 / CVE-2009-3431 / CVE-2009-3458 / CVE-2009-3459 / CVE-2009-3462)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42250
    published 2009-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42250
    title SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 1425)
  • NASL family Windows
    NASL id ADOBE_READER_APSB09-15.NASL
    description The version of Adobe Reader installed on the remote host is earlier than 9.2 / 8.1.7 / 7.1.4. Such versions are potentially affected by multiple vulnerabilities : - A heap overflow vulnerability. (CVE-2009-3459) - A memory corruption issue. (CVE-2009-2985) - Multiple heap overflow vulnerabilities. (CVE-2009-2986) - An invalid array index issue that could lead to code execution. (CVE-2009-2990) - Multiple input validation vulnerabilities that could lead to code execution. (CVE-2009-2993) - A buffer overflow issue. (CVE-2009-2994) - A heap overflow vulnerability. (CVE-2009-2997) - An input validation issue that could lead to code execution. (CVE-2009-2998) - An input validation issue that could lead to code execution. (CVE-2009-3458) - A memory corruption issue that leads to a denial of service. (CVE-2009-2983) - An integer overflow that leads to a denial of service. (CVE-2009-2980) - A memory corruption issue that leads to a denial of service. (CVE-2009-2996) - An input validation issue that could lead to a bypass of Trust Manager restrictions. (CVE-2009-2981) - A certificate is used that, if compromised, could be used in a social engineering attack. (CVE-2009-2982) - A stack overflow issue that could lead to a denial of service. (CVE-2009-3431) - An XMP-XML entity expansion issue that could lead to a denial of service attack. (CVE-2009-2979) - A remote denial of service issue in the ActiveX control. (CVE-2009-2987) - An input validation issue. (CVE-2009-2988) - An input validation issue specific to the ActiveX control. (CVE-2009-2992) - A third-party web download product is used that could lead to a local privilege escalation. (CVE-2009-2564) - A cross-site scripting issue when the browser plugin is used with Google Chrome and Opera browsers. (CVE-2007-0048, CVE-2007-0045)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 42120
    published 2009-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42120
    title Adobe Reader < 9.2 / 8.1.7 / 7.1.4 Multiple Vulnerabilities (APSB09-15)
  • NASL family Windows
    NASL id ADOBE_ACROBAT_APSB09-15.NASL
    description The version of Adobe Acrobat installed on the remote host is earlier than 9.2 / 8.1.7 / 7.1.4. Such versions are reportedly affected by multiple vulnerabilities : - A heap overflow vulnerability. (CVE-2009-3459) - A memory corruption issue. (CVE-2009-2985) - Multiple heap overflow vulnerabilities. (CVE-2009-2986) - An invalid array index issue that could lead to code execution. (CVE-2009-2990) - Multiple input validation vulnerabilities that could lead to code execution. (CVE-2009-2993) - A buffer overflow issue. (CVE-2009-2994) - A heap overflow vulnerability. (CVE-2009-2997) - An input validation issue that could lead to code execution. (CVE-2009-2998) - An input validation issue that could lead to code execution. (CVE-2009-3458) - A memory corruption issue. (CVE-2009-3460) - An issue that could allow a malicious user to bypass file extension security controls. (CVE-2009-3461) - An integer overflow vulnerability. (CVE-2009-2989) - A memory corruption issue that leads to a denial of service. (CVE-2009-2983) - An integer overflow that leads to a denial of service. (CVE-2009-2980) - A memory corruption issue that leads to a denial of service. (CVE-2009-2996) - An image decoder issue that leads to a denial of service. (CVE-2009-2984) - An input validation issue that could lead to a bypass of Trust Manager restrictions. (CVE-2009-2981) - A certificate is used that, if compromised, could be used in a social engineering attack. (CVE-2009-2982) - A stack overflow issue that could lead to a denial of service. (CVE-2009-3431) - An XMP-XML entity expansion issue that could lead to a denial of service attack. (CVE-2009-2979) - A remote denial of service issue in the ActiveX control. (CVE-2009-2987) - An input validation issue. (CVE-2009-2988) - An input validation issue specific to the ActiveX control. (CVE-2009-2992) - A cross-site scripting issue when the browser plugin is used with Google Chrome and Opera browsers. (CVE-2007-0048, CVE-2007-0045)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 42119
    published 2009-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42119
    title Adobe Acrobat < 9.2 / 8.1.7 / 7.1.4 Multiple Vulnerabilities (APSB09-15)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ACROREAD-6583.NASL
    description Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048 / CVE-2007-0045 / CVE-2009-2564 / CVE-2009-2979 / CVE-2009-2980 / CVE-2009-2981 / CVE-2009-2982 / CVE-2009-2983 / CVE-2009-2985 / CVE-2009-2986 / CVE-2009-2988 / CVE-2009-2990 / CVE-2009-2991 / CVE-2009-2992 / CVE-2009-2993 / CVE-2009-2994 / CVE-2009-2996 / CVE-2009-2997 / CVE-2009-2998 / CVE-2009-3431 / CVE-2009-3458 / CVE-2009-3459 / CVE-2009-3462)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51694
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51694
    title SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6583)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ACROREAD-6588.NASL
    description Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048, CVE-2007-0045, CVE-2009-2564, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2982, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2988, CVE-2009-2990, CVE-2009-2991, CVE-2009-2992, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 42318
    published 2009-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42318
    title openSUSE 10 Security Update : acroread (acroread-6588)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_ACROREAD_JA-091022.NASL
    description Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048 / CVE-2007-0045 / CVE-2009-2564 / CVE-2009-2979 / CVE-2009-2980 / CVE-2009-2981 / CVE-2009-2982 / CVE-2009-2983 / CVE-2009-2985 / CVE-2009-2986 / CVE-2009-2988 / CVE-2009-2990 / CVE-2009-2991 / CVE-2009-2992 / CVE-2009-2993 / CVE-2009-2994 / CVE-2009-2996 / CVE-2009-2997 / CVE-2009-2998 / CVE-2009-3431 / CVE-2009-3458 / CVE-2009-3459 / CVE-2009-3462)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 42251
    published 2009-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42251
    title SuSE 11 Security Update : acroread_ja (SAT Patch Number 1424)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_ACROREAD-6582.NASL
    description Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files. (CVE-2007-0048 / CVE-2007-0045 / CVE-2009-2564 / CVE-2009-2979 / CVE-2009-2980 / CVE-2009-2981 / CVE-2009-2982 / CVE-2009-2983 / CVE-2009-2985 / CVE-2009-2986 / CVE-2009-2988 / CVE-2009-2990 / CVE-2009-2991 / CVE-2009-2992 / CVE-2009-2993 / CVE-2009-2994 / CVE-2009-2996 / CVE-2009-2997 / CVE-2009-2998 / CVE-2009-3431 / CVE-2009-3458 / CVE-2009-3459 / CVE-2009-3462)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51693
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51693
    title SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6582)
oval via4
accepted 2013-08-12T04:09:26.620-04:00
class vulnerability
contributors
  • name Chandan S
    organization SecPod Technologies
  • name Benjamin Marandel
    organization Marandel.net
  • name Shane Shaffer
    organization G2, Inc.
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
  • comment Adobe Reader 7 Series is installed
    oval oval:org.mitre.oval:def:6377
  • comment Adobe Reader 8 Series is installed
    oval oval:org.mitre.oval:def:6390
  • comment Adobe Reader 9 Series is installed
    oval oval:org.mitre.oval:def:6523
  • comment Adobe Acrobat 7 Series is installed
    oval oval:org.mitre.oval:def:6213
  • comment Adobe Acrobat 8 Series is installed
    oval oval:org.mitre.oval:def:6452
  • comment Adobe Acrobat 9 Series is installed
    oval oval:org.mitre.oval:def:6013
description Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
family windows
id oval:org.mitre.oval:def:6348
status accepted
submitted 2009-10-23T03:25:55
title Adobe Reader and Acrobat DoS via long sequence of # (hash) characters
version 18
refmap via4
bugtraq 20070103 Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
cert TA09-286B
confirm
gentoo GLSA-200701-16
misc
osvdb 31596
sectrack
  • 1017469
  • 1023007
secunia
  • 23812
  • 23882
  • 33754
sreason 2090
suse SUSE-SA:2007:011
vupen
  • ADV-2007-0032
  • ADV-2009-2898
xf adobe-acrobat-character-dos(31273)
Last major update 07-03-2011 - 21:48
Published 03-01-2007 - 16:28
Last modified 16-10-2018 - 12:30