CVE-2007-0045

Common Vulnerabilities and Exposures

Upstream information

CVE-2007-0045 at MITRE

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entries: 231724, 244923, 546083

SUSE Security Advisories:

SUSE-SA:2007:011, published Mon, 22 Jan 2007 18:00:00 +0000
SUSE-SA:2009:049, published Mon, 26 Oct 2009 12:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for x86	`acroread >= 7.0.9-2.5`	core9.x86 YOU Patch Nr: 11433
openSUSE 10.3	`acroread >= 8.1.7-0.1`	Builds
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86	`acroread_ja >= 8.1.7-0.5.1`	sled10-sp2.x86-64 sled10-sp2.x86 ZYPP Patch Nr: 6584
SUSE LINUX 10.1	`acroread >= 7.0.9-1.2`
SUSE LINUX 10.0 SUSE LINUX 9.3 openSUSE 10.2	`acroread >= 7.0.9-2.1`
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86	`acroread >= 8.1.7-0.5.1`	sled10-sp3.x86-64 sled10-sp3.x86 ZYPP Patch Nr: 6583
SUSE Linux Enterprise Desktop 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP1 for x86	`acroread_ja >= 7.0.9-2.2`	Builds ZYPP Patch Nr: 2545
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86	`acroread >= 8.1.7-0.5.1`	sled10-sp2.x86-64 sled10-sp2.x86 ZYPP Patch Nr: 6582
SUSE Linux Enterprise Desktop 10 SP1 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP1 for x86	`acroread >= 7.0.9-1.2`	Builds ZYPP Patch Nr: 2508
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86	`acroread_ja >= 8.1.7-0.5.1`	sled10-sp3.x86 sled10-sp3.x86-64 ZYPP Patch Nr: 6585
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64	`acroread >= 7.0.9-2.1`	Builds YOU Patch Nr: 11405

List of products where fixes are in QA

SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP3 for x86
SUSE Linux Enterprise Desktop 10 SP3 for x86

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute