IT Security Portal: Adobe Acrobat Reader - cross-site scripting vulnerability

Thursday, January 04, 2007

Adobe Acrobat Reader - cross-site scripting vulnerability

The vulnerability could be exploited by attackers by getting javascript executed by simply having it appended to the PDF's URL. Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users.

Systems Affected: Adobe Acrobat Reader version 7.0.8 and prior

Solution: Upgrade to Adobe Reader version 8.0.0

SOURCE: CyTRAP Labs

<< Home

: Name: Agapitos Chrysochoos; Location: Serbia and Montenegro

I graduated from Royal Holloway University of London in 2001. My main areas of interest are security and intrusion detection along with security management. Since completing my MSc, I have worked as an IT Security Consultant in a number of interesting projects in the industry. I have worked as an IT Security Consultant in ATHES 2004 Olympic Games, Space Hellas S.A., responsible for security consulting in major financial institutions in Southern Europe. More recently, I have worked as a Security Analyst in ATHENS 2004 Organising Committee for the Olympic Games, responsible for applications security monitoring. At the moment I work as an Information Security Officer for the biggest telecomms provider in Greece.

View my complete profile

IT Security Portal

Thursday, January 04, 2007

Adobe Acrobat Reader - cross-site scripting vulnerability

About Me

Previous Posts