Release DateJan 04, 2007 |
Severityhigh |
ImpactExecution of arbitrary scripts in the context of hosting site. |
DescriptionIt indicates a possible exploit of a cross-site scripting Vulnerability in Adobe Acrobat Plugin that may allow an attacker to execute a malicious script in the victim's browser, within the security context of the hosting site, once the link is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
Affected ProductsAdobe Acrobat Reader before 8.0 |
Recommended ActionsUpdate to Adobe Acrobat Reader 8.0. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-0045 |
Reference/shttp://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfhttp://www.disenchant.ch/blog/hacking-with-browser-plugins/34 |
