|
|
CVE Reference: CVE-2007-0047 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-0047 |
|
|
Description: CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/31291 SUSE http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html ST 1017469 SAID Secunia Advisory: SA23882 MISC http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf |
|
| Return to the previous page. |
