Unrated severityNVD Advisory· Published Jan 3, 2007· Updated Apr 23, 2026
CVE-2007-0044
CVE-2007-0044
Description
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
Affected products
36- cpe:2.3:a:adobe:acrobat_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*+ 18 more
- cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*range: <=7.0.8
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*range: <=7.0.8
- cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- www.wisec.it/vulns.phpnvdExploitPatch
- secunia.com/advisories/23882nvdVendor Advisory
- secunia.com/advisories/29065nvdVendor Advisory
- securityreason.com/securityalert/2090nvdVendor Advisory
- events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfnvd
- lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlnvd
- secunia.com/advisories/23812nvd
- security.gentoo.org/glsa/glsa-200701-16.xmlnvd
- securitytracker.com/idnvd
- www.redhat.com/support/errata/RHSA-2008-0144.htmlnvd
- www.securityfocus.com/archive/1/455801/100/0/threadednvd
- www.securityfocus.com/bid/21858nvd
- www.vupen.com/english/advisories/2007/0032nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/31266nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10042nvd
News mentions
0No linked articles in our index yet.