Universal PDF XSS
Monday, January 15th, 2007##Update!
##As of Sunday, January 14, 2007
##Adobe has launched the patch for the recently discovered security flaw in their acrobat
##software application. The company added that the flaw affected Acrobat Standard,
##Professional, and Elements in versions 7.08 and older. Adobe further confirmed that the
##recently launched version 8.0 was not affected by this flaw and the users are not required
##to download any patch. The company also added that the Acrobat 3D was also at risk but
##gave few details on the versions affected by the flaw. This flaw was related to a technique
##known as cross-site scripting which allowed hackers to mix malicious JavaScript with a link
##to a PDF file on a website.
Input passed to a hosted PDF file is not properly sanitised by the browser plug-in
before being returned to users. This can be exploited to execute arbitrary script code in
a user’s browser session in context of an affected site.Example:
- http://[host]/[filename].pdf#[some text]=javascript:[code]
The Universal PDF XSS issue was discovered by Stefano Di Paola and Giorgio Fedon and it was presented on 23C3 security conference. This vulnerability obviously affects the Adobe Acrobat Reader which is a widely used software among business, non-business organizations and individuals. By abusing Acrobat’s open parameter features well protected sites become vulnerable to Cross-site scripting attacks if they host PDF documents. This is pretty bad and unless you update your reader or change the way your browser handles PDF documents, you may get hacked quite badly. This issue is very serious.
The way attackers use PDF documents to execute… [read more at the original source]