CVE-2007-1377

CVE-2007-1377 is a medium-severity vulnerability in Adobe Acrobat Reader with a CVSS 2.0 base score of 5.0. Its EPSS exploit-prediction score of 20% places it in the 97th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-400.

Key facts

Description

AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.

Frequently asked questions

What is CVE-2007-1377?
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
How severe is CVE-2007-1377?
CVE-2007-1377 has a CVSS 2.0 base score of 5.0, rated medium severity.
Is CVE-2007-1377 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 20% (97th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2007-1377?
CVE-2007-1377 primarily affects Adobe Acrobat Reader. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2007-1377?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2007-1377 published?
CVE-2007-1377 was published on 2007-03-10 and last updated on 2026-06-16.

References

Affected products (4)

More vulnerabilities in Adobe Acrobat Reader

All CVEs affecting Adobe Acrobat Reader →

Other CWE-400 (Uncontrolled Resource Consumption) vulnerabilities

Browse all CWE-400 (Uncontrolled Resource Consumption) vulnerabilities →