PT-2007-1538 · Adobe · Reader+1

Published: 2007-01-03 · Updated: 2018-10-16 · CVE-2007-0045

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Acrobat Reader Plugin versions prior to 8.0.0
Adobe Reader 7.x versions prior to 7.1.4
Adobe Reader 8.x versions prior to 8.1.7
Adobe Reader 9.x versions prior to 9.2

Description

The issue allows remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI. This can be achieved with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations

For Adobe Acrobat Reader Plugin versions prior to 8.0.0, update to version 8.0.0 or later.
For Adobe Reader 7.x versions prior to 7.1.4, update to version 7.1.4 or later.
For Adobe Reader 8.x versions prior to 8.1.7, update to version 8.1.7 or later.
For Adobe Reader 9.x versions prior to 9.2, update to version 9.2 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2007-0045
DSA-1336-1
HPSBUX02153
RHSA-2007:0017
RHSA-2007:0021

Affected Products

Acrobat Reader Plugin
Reader