« NGSEC's Security Game #3 - BrainStorming | Main | Writing Software Security Test Cases: Putting security test cases into your test plan »

Adobe Client Site Plugin Allows Universal XSS

An XSS issue in adobe acrobat allows you to xss a user against any website hosting a PDF file.

UPDATE:
Download Acrobat 8 it address this issue to protect yourself. If you host PDF files on a site it has been suggested that you associate the PDF mimetype on your web server to something unknown. Browsers typically handle non default mime types by prompting the user to download it rather then executing it in the browser.

Challenge Link: http://www.webappsec.org/lists/websecurity/archive/2007-01/msg00015.html

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!