CVE-2007-0047

N/A Unknown

Published: January 03, 2007 Modified: April 23, 2026

Description

CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf

Source: cve@mitre.org

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html

Source: cve@mitre.org

http://secunia.com/advisories/23882

Source: cve@mitre.org

http://securitytracker.com/id?1017469

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0032

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/31291

Source: cve@mitre.org

http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/23882

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1017469

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/0032

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/31291

Source: af854a3a-2127-422b-91ae-364da2661108

12 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

5.6%

90th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

adobe