Adobe XSS Patching

Here are some URL's that can be used to demonstrate the Adobe Acrobat XSS vulnerability to people, and hopefully get them to patch.

Short - http://tinyurl.com/yjeeoc
Long - /docs/pdf_check.pdf#blah=javascript:alert('Please go to http://www.adobe.com/products/acrobat/readstep2.html and update your copy of Acrobat reader, you are vulnerable to a rather serious exploit.');location.href='http://www.adobe.com/products/acrobat/readstep2.html'

As an interesting aside, it seems Google has added the following HTTP header to requests for PDFs from their servers:

Content-Disposition: attachment;

This forces PDFs to be opened outside of the browser. Nice work Google.

Wednesday, January 10. 2007
Posted by Dominic White in Security
Comment (1) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

#1 Charmaine (Reply)
Posted on Monday, January 29. 2007

Hello Dominic! Tell me how you are? How is Danni? Make sure you post something more exciting-not that your posts about computer isn't exciting or interesting its just not very human! OK bye

Add Comment

Name
Email
Homepage
In reply to
Comment
	Remember Information? Subscribe to this entry