CVE-2007-0045 [Medium] | XSS in Acrobat

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

EDB-ID	Source	Kind	Link
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-31	50.14%	58.96%	+8.82%
2	2026-05-22	61.36%	50.14%	-11.22%
3	2025-08-22	—	61.36%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-05-31

50.14%

58.96%

+8.82%

2026-05-22

61.36%

50.14%

-11.22%

2025-08-22

—

61.36%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	8.6	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

8.6

2.9

[email protected]

OS Trackers for CVE-2007-0045

vendor	priority	summary	link
`alpine`	—	CVE-2007-0045: no source package rows; 0 state rows across 0 repos (none); fixed 0, open 0.	https://security.alpinelinux.org/vuln/CVE-2007-0045
`gentoo`	normal	CVE-2007-0045: 2 GLSA(s) (200701-16, 200910-03), 1 atom(s) (app-text/acroread); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2007-0045
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2007-0045
`ubuntu`	medium	CVE-2007-0045 medium priority: Ubuntu including 3 source packages (acroread, iceape, xulrunner), 15 status rows across 5 suites (dapper, edgy, feisty, gutsy, upstream): DNE 6, released 5, needs-triage 3, ignored 1.	https://ubuntu.com/security/CVE-2007-0045

Affected software / configurations for CVE-2007-0045

Vendor	Product	Version	Raw CPE
adobe	acrobat	<= 7.0.8	cpe:2.3:a:adobe:acrobat:::elements:::::*
adobe	acrobat	7.0	cpe:2.3:a:adobe:acrobat:7.0::professional:::::
adobe	acrobat	7.0	cpe:2.3:a:adobe:acrobat:7.0::standard:::::
adobe	acrobat	7.0.1	cpe:2.3:a:adobe:acrobat:7.0.1::professional:::::
adobe	acrobat	7.0.1	cpe:2.3:a:adobe:acrobat:7.0.1::standard:::::
adobe	acrobat	7.0.2	cpe:2.3:a:adobe:acrobat:7.0.2::professional:::::
adobe	acrobat	7.0.2	cpe:2.3:a:adobe:acrobat:7.0.2::standard:::::
adobe	acrobat	7.0.3	cpe:2.3:a:adobe:acrobat:7.0.3::professional:::::
adobe	acrobat	7.0.3	cpe:2.3:a:adobe:acrobat:7.0.3::standard:::::
adobe	acrobat	7.0.4	cpe:2.3:a:adobe:acrobat:7.0.4::professional:::::
adobe	acrobat	7.0.4	cpe:2.3:a:adobe:acrobat:7.0.4::standard:::::
adobe	acrobat	7.0.5	cpe:2.3:a:adobe:acrobat:7.0.5::professional:::::
adobe	acrobat	7.0.5	cpe:2.3:a:adobe:acrobat:7.0.5::standard:::::
adobe	acrobat	7.0.6	cpe:2.3:a:adobe:acrobat:7.0.6::professional:::::
adobe	acrobat	7.0.6	cpe:2.3:a:adobe:acrobat:7.0.6::standard:::::
adobe	acrobat	7.0.7	cpe:2.3:a:adobe:acrobat:7.0.7::professional:::::
adobe	acrobat	7.0.7	cpe:2.3:a:adobe:acrobat:7.0.7::standard:::::
adobe	acrobat	7.0.8	cpe:2.3:a:adobe:acrobat:7.0.8::professional:::::
adobe	acrobat	7.0.8	cpe:2.3:a:adobe:acrobat:7.0.8::standard:::::
adobe	acrobat_3d	—	cpe:2.3:a:adobe:acrobat_3d::::::::
adobe	acrobat_reader	<= 7.0.8	cpe:2.3:a:adobe:acrobat_reader::::::::
adobe	acrobat_reader	6.0	cpe:2.3:a:adobe:acrobat_reader:6.0:::::::*
adobe	acrobat_reader	6.0.1	cpe:2.3:a:adobe:acrobat_reader:6.0.1:::::::*
adobe	acrobat_reader	6.0.2	cpe:2.3:a:adobe:acrobat_reader:6.0.2:::::::*
adobe	acrobat_reader	6.0.3	cpe:2.3:a:adobe:acrobat_reader:6.0.3:::::::*
adobe	acrobat_reader	6.0.4	cpe:2.3:a:adobe:acrobat_reader:6.0.4:::::::*
adobe	acrobat_reader	6.0.5	cpe:2.3:a:adobe:acrobat_reader:6.0.5:::::::*
adobe	acrobat_reader	7.0	cpe:2.3:a:adobe:acrobat_reader:7.0:::::::*
adobe	acrobat_reader	7.0.1	cpe:2.3:a:adobe:acrobat_reader:7.0.1:::::::*
adobe	acrobat_reader	7.0.2	cpe:2.3:a:adobe:acrobat_reader:7.0.2:::::::*
adobe	acrobat_reader	7.0.3	cpe:2.3:a:adobe:acrobat_reader:7.0.3:::::::*
adobe	acrobat_reader	7.0.4	cpe:2.3:a:adobe:acrobat_reader:7.0.4:::::::*
adobe	acrobat_reader	7.0.5	cpe:2.3:a:adobe:acrobat_reader:7.0.5:::::::*
adobe	acrobat_reader	7.0.6	cpe:2.3:a:adobe:acrobat_reader:7.0.6:::::::*
adobe	acrobat_reader	7.0.7	cpe:2.3:a:adobe:acrobat_reader:7.0.7:::::::*
adobe	acrobat_reader	7.0.8	cpe:2.3:a:adobe:acrobat_reader:7.0.8:::::::*

References for CVE-2007-0045

URL	Tags
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
http://secunia.com/advisories/23483	Vendor Advisory
http://secunia.com/advisories/23691	Vendor Advisory
http://secunia.com/advisories/23812	Vendor Advisory
http://secunia.com/advisories/23877	Vendor Advisory
http://secunia.com/advisories/23882	Vendor Advisory
http://secunia.com/advisories/24457	Vendor Advisory
http://secunia.com/advisories/24533	Vendor Advisory
http://secunia.com/advisories/33754	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200701-16.xml
http://securityreason.com/securityalert/2090
http://securitytracker.com/id?1017469
http://securitytracker.com/id?1023007
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
http://www.adobe.com/support/security/advisories/apsa07-01.html	Vendor Advisory
http://www.adobe.com/support/security/advisories/apsa07-02.html
http://www.adobe.com/support/security/bulletins/apsb07-01.html
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34	Exploit
http://www.gnucitizen.org/blog/danger-danger-danger/	Exploit Vendor Advisory
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
http://www.kb.cert.org/vuls/id/815960	Third Party Advisory US Government Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
http://www.redhat.com/support/errata/RHSA-2007-0021.html
http://www.securityfocus.com/archive/1/455790/100/0/threaded	Exploit
http://www.securityfocus.com/archive/1/455800/100/0/threaded
http://www.securityfocus.com/archive/1/455801/100/0/threaded
http://www.securityfocus.com/archive/1/455831/100/0/threaded	Exploit
http://www.securityfocus.com/archive/1/455836/100/0/threaded
http://www.securityfocus.com/archive/1/455906/100/0/threaded
http://www.securityfocus.com/bid/21858
http://www.us-cert.gov/cas/techalerts/TA09-286B.html	US Government Resource
http://www.vupen.com/english/advisories/2007/0032	Vendor Advisory
http://www.vupen.com/english/advisories/2007/0957	Vendor Advisory
http://www.vupen.com/english/advisories/2009/2898	Vendor Advisory
http://www.wisec.it/vulns.php?page=9	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
https://rhn.redhat.com/errata/RHSA-2007-0017.html

URL

CVE-2007-0045

Public exploit references (Exploit-DB) for CVE-2007-0045

Exploit prediction scoring system (EPSS) score for CVE-2007-0045

Common vulnerability scoring system (CVSS) metrics for CVE-2007-0045

Weakness enumeration for CVE-2007-0045

OS Trackers for CVE-2007-0045

Affected software / configurations for CVE-2007-0045

References for CVE-2007-0045