EXPLOITS

Adobe Acrobat Reader Plugin 7.0.x - 'acroreader' Cross-Site Scripting

Author: Stefano Di Paola
type: remote
platform: windows
port: 
date_added: 2007-01-04  
date_updated: 2016-09-20  
verified: 1  
codes: CVE-2007-0046  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 3084.txt  

# Stefano Di Paola
# http://www.wisec.it/

From Secunia:
Input passed to a hosted PDF file is not properly sanitised by the browser plug-in
before being returned to users. This can be exploited to execute arbitrary script code in
a user's browser session in context of an affected site.

Example:
- http://[host]/[filename].pdf#[some text]=javascript:[code]

# milw0rm.com [2007-01-05]