Adobe Acrobat PDF Universal Cross-Site Scripting (XSS) Vulnerability

This isn’t strictly a FrameMaker issue, but given the severity of the exposure, it’s worth talking about.

Several web sites and blogs are reporting a major security hole in Adobe’s Acrobat PDF. (And unlike most such vulnerabilities, whipping boy Internet Explorer isn’t the problem, and Firefoxsters and OperaDivas can’t run around shouting “We’re immune!”) For example:

http://blog.php-security.org/archives/68-Universal-XSS-through-Adope-PDF-Plugin.html

http://davi.poetry.org/blog/?p=998

http://isc.sans.org/diary.php?storyid=1999

http://singe.za.net/blog/archives/801-Universal-XSS-in-Adobe-PDF-Browser-Plugin.html

http://michaeldaw.org/md-hacks/backdooring-pdf-files/

Attackers can easily steal cookies from your machine using a cleverly constructed link from any web site that offers PDFs, without even having access to the PDF.

Short of client-side fixes, there’s really no defense against this. Adobe will probably move to address this very quickly. (But I guess it means I have to actually accept all those irritating Acrobat security fixes Adobe’s constantly trying to push out to me – along with the Yahoo! Toolbar…)

Anyway, folks – be careful out there.

-The Source
