PT-2007-1540 · Microsoft+1 · Internet Explorer+2

Published

2007-01-03

Updated

2017-07-29

CVE-2007-0047

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Adobe Acrobat Reader Plugin versions prior to 8.0.0

Description A CRLF injection issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer.

Recommendations For Adobe Acrobat Reader Plugin versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0047

Affected Products

Acrobat Reader Plugin

Internet Explorer

Microsoft.Xmlhttp Activex

PT-2007-1540 · Microsoft+1 · Internet Explorer+2

CVE-2007-0047

Related Identifiers

Affected Products

References · 7