Random Entry: eBay Excel Vulnerability Hits Home
< Happy 007! | openMosix and VMWare >

Universal XSS in Adobe PDF Browser Plugin

Stephan Esser just posted about a potentially universal XSS in Adobe's PDF plugin first mentioned here. All it requires is appending "#something=javascript:<insert script here>;" to the end of the link and Adobe PDF will happily execute the JavaScript.

For example.

You should probably disable Adobe's PDF plugin in the meantime. If you don't think XSS attacks are particularly interesting, check out what you can do with XSSProxy.

Wednesday, January 3. 2007
Posted by Dominic White in Security
Comments (0) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry