cve/2007/CVE-2007-0044.md

### [CVE-2007-0044](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0044)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."

### POC

#### Reference
- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
- http://securityreason.com/securityalert/2090
- http://www.wisec.it/vulns.php?page=9

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2007-0044](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0044)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."`

			`### POC`

			`#### Reference`
			`- http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf`
			`- http://securityreason.com/securityalert/2090`
			`- http://www.wisec.it/vulns.php?page=9`

			`#### Github`
			`No PoCs found on GitHub currently.`