Unrated severityNVD Advisory· Published Jan 3, 2007· Updated Apr 23, 2026
CVE-2007-0048
CVE-2007-0048
Description
Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."
Affected products
36- cpe:2.3:a:adobe:acrobat_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*+ 18 more
- cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*range: <=7.0.8
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*range: <=7.0.8
- cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- www.wisec.it/vulns.phpnvdExploitPatchVendor Advisory
- www.us-cert.gov/cas/techalerts/TA09-286B.htmlnvdUS Government Resource
- events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfnvd
- googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.htmlnvd
- lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlnvd
- osvdb.org/31596nvd
- secunia.com/advisories/23812nvd
- secunia.com/advisories/23882nvd
- secunia.com/advisories/33754nvd
- security.gentoo.org/glsa/glsa-200701-16.xmlnvd
- securityreason.com/securityalert/2090nvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- www.adobe.com/support/security/bulletins/apsb07-01.htmlnvd
- www.adobe.com/support/security/bulletins/apsb09-15.htmlnvd
- www.securityfocus.com/archive/1/455801/100/0/threadednvd
- www.vupen.com/english/advisories/2007/0032nvd
- www.vupen.com/english/advisories/2009/2898nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/31273nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6348nvd
News mentions
0No linked articles in our index yet.