Adobe scripting flaw unearthed | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Solution Brief: Reduce Energy Costs
With Green IT Solutions
Search Engine Link Spam
Risks, Threats, Solution
Gartner Paper: US Data Centers - The Calm Before the Storm
How to handle future energy demands
Enforce Your Email and Web Acceptable Usage Policies
Not Just Words
Gartner Report: How IT Management Can "Green" the Data Center
Establishing energy efficiency
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption

The Register » Security »

Adobe scripting flaw unearthed

Browser plug-in peril

By John Leyden → More by this author

Published Thursday 4th January 2007 11:49 GMT

Users are advised to upgrade their Adobe Reader software following the discovery of a potential serious cross-site scripting bug. The vulnerability, which involves Adobe Reader 6.x and Adobe Reader 7.x, means it is possible to execute potential hostile JavaScript code simply by appending it to a PDF's URL.

The flaw, discovered by security researchers Stefano Di Paola and Giorgio Fedon and announced at the Chaos Communication Congress conference in Berlin this week, might be most easily exploited through Adobe Reader browser plug-ins. Users are advised to upgrade to Adobe Reader version 8.0 to defend against attack, or to apply workarounds as suggested by the SANS Institute's Internet Storm Centre here. ®

Email Encryption report: Eliminating the Security Risk of Sending Confidential Information by Email

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Adobe Reader Trojan predates mystery update by two weeks (11 February 2008)
Stealthy Adobe Reader update fixes mystery security bugs (7 February 2008)
Malware spectre haunts Adobe Reader (21 September 2007)
Fake flash player site used to spread malware (22 June 2007)
Bug brace menaces Adobe Photoshop (1 May 2007)
Attackers improve on JavaScript trickery (20 April 2007)
New vulnerability strikes heart of Web 2.0 (3 April 2007)
Adobe targets developers with Apollo (19 March 2007)
150 ways to let hackers in (5 February 2007)
Bug brokers offering higher bounties (25 January 2007)
Adobe Reader update lances multiple bugs (11 January 2007)
Adobe, Symantec press EC to remove Vista tanks from their lawns (22 September 2006)
Adobe adopts monthly patch cycle (15 December 2005)
Adobe warns over PDF peril (17 August 2005)
Adobe update quells Unix PDF peril (6 July 2005)
Adobe patches Acrobat, Reader flaws (17 December 2004)
Adobe anti-counterfeiting code trips up kosher users (15 January 2004)
Cracker spills the beans on PDF flaw (18 June 2003)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..

whitepaper title

Search Engine Link Spam

Spammers are constantly finding new, creative ways to attack your network. Learn how search engine links are the latest weapon of choice.

Whitepapers	Jobs
The Rising Concerns Over Endpoint Security Protecting Online Customers from Man-in-the-Middle Attacks Eliminating the Security Risk of Sending Confidential Information by Email Making Green IT a Reality	Perl/PHP/Rails/HTML/CSS/Javascript developer Object-Oriented Perl Superstars Needed Sr PERL Developer Experiened Perl Developer Full-time PERL / CGI Programmer for UNIX environment

Top 20 stories • All The Week’s Headlines • Archive • Search