Launchpad.net

CVE 2007-0046

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.

Related bugs and status

CVE-2007-0046 (Candidate) is related to these bugs:

Bug #78339: Universal XSS

		In	Importance	Status
78339	Universal XSS	acroread (Ubuntu)	High	Fix Released
78339	Universal XSS	acroread (Ubuntu Breezy)	High	Fix Released
78339	Universal XSS	acroread (Ubuntu Dapper)	High	Fix Released
78339	Universal XSS	acroread (Ubuntu Edgy)	High	Fix Released
78339	Universal XSS	acroread (Ubuntu Feisty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://events.ccc.de/c...
MISC: http://www.wisec.it/vu...
SECTRACK: 1017469
REDHAT: RHSA-2007:0017
SECUNIA: 23691
CONFIRM: http://www.adobe.com/s...
GENTOO: GLSA-200701-16
REDHAT: RHSA-2007:0021
SUSE: SUSE-SA:2007:011
SECUNIA: 23812
SECUNIA: 23877
SECUNIA: 23882
SUNALERT: 102847
SECUNIA: 24533
SREASON: 2090
VUPEN: ADV-2007-0032
VUPEN: ADV-2007-0957
XF: adobe-acrobat-msvcrt-c...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070103 Adobe Acrobat...