PT-2007-1539 · Mozilla+1 · Firefox+1

Published

2007-01-03

Updated

2018-10-16

CVE-2007-0046

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader Plugin versions prior to 8.0.0 Mozilla Firefox version 1.5.0.7

Description A double free issue allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the FDF, XML, or XFDF AJAX request parameters.

Recommendations For Adobe Acrobat Reader Plugin versions prior to 8.0.0, update to version 8.0.0 or later. For Mozilla Firefox version 1.5.0.7, consider disabling the javascript: URI handler until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0046

RHSA-2007:0017

RHSA-2007:0021

Affected Products

Acrobat Reader Plugin

Firefox

PT-2007-1539 · Mozilla+1 · Firefox+1

CVE-2007-0046

Related Identifiers

Affected Products

References · 22