Here are some URLs that can be used to demonstrate the Adobe Acrobat XSS vulnerability to people, and hopefully get them to patch.
- Short - http://tinyurl.com/yjeeoc
- Long - /docs/pdf_check.pdf#blah=javascript:alert('Please go to http://www.adobe.com/products/acrobat/readstep2.html and update your copy of Acrobat reader, you are vulnerable to a rather serious exploit.');location.href='http://www.adobe.com/products/acrobat/readstep2.html'
As an interesting aside, it seems Google has added the following HTTP header to responses for PDFs served from their servers:
Content-Disposition: attachment;
This forces PDFs to be opened outside of the browser. Nice work, Google.
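One way to apply the same header on your own server, as an added example (not code from this post or from Google): a Python WSGI middleware that marks every PDF response as an attachment. The names `force_pdf_download`, `sample_app` and `response_headers`, and the sample app itself, are constructed for illustration.

```python
import posixpath
import re

def force_pdf_download(app):
    """WSGI middleware: add Content-Disposition: attachment to every PDF response."""
    def wrapped(environ, start_response):
        def patched_start(status, headers, exc_info=None):
            ctype = next((v for k, v in headers if k.lower() == "content-type"), "")
            path = environ.get("PATH_INFO", "")
            is_pdf = (ctype.split(";")[0].strip().lower() == "application/pdf"
                      or path.lower().endswith(".pdf"))
            if is_pdf:
                # Remove any existing disposition (e.g. "inline") so only ours is sent.
                headers = [(k, v) for k, v in headers
                           if k.lower() != "content-disposition"]
                name = re.sub(r"[^A-Za-z0-9._-]", "_", posixpath.basename(path))
                headers.append(("Content-Disposition",
                                f'attachment; filename="{name or "document.pdf"}"'))
            return start_response(status, headers, exc_info)
        return app(environ, patched_start)
    return wrapped

def sample_app(environ, start_response):
    """Constructed stand-in for a site that serves PDFs inline and HTML normally."""
    if environ["PATH_INFO"].endswith(".pdf"):
        start_response("200 OK", [("Content-Type", "application/pdf"),
                                  ("Content-Disposition", "inline")])
        return [b"%PDF-1.4 (constructed placeholder body)"]
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<p>index</p>"]

def response_headers(app, path):
    """Issue a fake GET against a WSGI app and return its headers as a dict."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})
    b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured

if __name__ == "__main__":
    protected = force_pdf_download(sample_app)
    # The "#blah=..." fragment is never sent to the server, so only the path arrives.
    print(response_headers(protected, "/docs/pdf_check.pdf"))
    print(response_headers(protected, "/index.html"))
```

Because the fragment part of the URL stays in the browser, the server cannot filter it; the response header is the server-side control available here.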