Unrated severityNVD Advisory· Published Jan 3, 2007· Updated Jun 16, 2026
CVE-2007-0044
CVE-2007-0044
Description
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
37- cpe:2.3:a:adobe:acrobat_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*+ 34 more
- cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*range: <=7.0.8
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*range: <=7.0.8
- cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
- Range: <8.0.0
Patches
Vulnerability mechanics
References
15- www.wisec.it/vulns.phpnvdExploitPatch
- secunia.com/advisories/23882nvdVendor Advisory
- secunia.com/advisories/29065nvdVendor Advisory
- securityreason.com/securityalert/2090nvdVendor Advisory
- events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfnvd
- lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlnvd
- secunia.com/advisories/23812nvd
- security.gentoo.org/glsa/glsa-200701-16.xmlnvd
- securitytracker.com/idnvd
- www.redhat.com/support/errata/RHSA-2008-0144.htmlnvd
- www.securityfocus.com/archive/1/455801/100/0/threadednvd
- www.securityfocus.com/bid/21858nvd
- www.vupen.com/english/advisories/2007/0032nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/31266nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042nvd
News mentions
0No linked articles in our index yet.