CVE-2007-0048

Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue."

Published: Jan 3, 2007
Updated: Nov 9, 2025
CVE: CVE-2007-0048
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / acrobat	7.0.6	7.0.6.x
adobe / acrobat_reader	7.0.5	7.0.5.x
adobe / acrobat_reader	7.0.6	7.0.6.x
adobe / acrobat	7.0	7.0.x
adobe / acrobat_reader	7.0.8	7.0.8.x
adobe / acrobat	7.0.5	7.0.5.x
adobe / acrobat_reader	6.0.3	6.0.3.x
adobe / acrobat	-	7.0.8.x
adobe / acrobat_3d	-	-
adobe / acrobat_reader	7.0.7	7.0.7.x
adobe / acrobat	7.0.3	7.0.3.x
adobe / acrobat	7.0.4	7.0.4.x
adobe / acrobat_reader	7.0.3	7.0.3.x
adobe / acrobat	7.0.2	7.0.2.x
adobe / acrobat_reader	7.0.1	7.0.1.x
adobe / acrobat_reader	7.0.2	7.0.2.x
adobe / acrobat_reader	7.0	7.0.x
adobe / acrobat	7.0.7	7.0.7.x
adobe / acrobat	7.0.8	7.0.8.x
adobe / acrobat	7.0.1	7.0.1.x
adobe / acrobat_reader	6.0.1	6.0.1.x
adobe / acrobat_reader	6.0.5	6.0.5.x
adobe / acrobat_reader	6.0	6.0.x
adobe / acrobat_reader	6.0.2	6.0.2.x
adobe / acrobat_reader	6.0.4	6.0.4.x
adobe / acrobat_reader	-	7.0.8.x
adobe / acrobat_reader	7.0.4	7.0.4.x

Vulnerability Database

314,496

CVE-2007-0048

Deep Security Visibility Without the Complexity