Adobe Reader Multiple Vulnerabilities

How cool is this for a bug? Dead easy to replicate and potentially very deadly! Basically, it is possible to pass parameters to a PDF doc to do things to it. Check out this link: http://www.disenchant.ch/blog/hacking-with-browser-plugins/34

It would seem it only affects Adobe Reader 6.x and 7.x. On my Vista machine it tells me of an issue loading the page and I get the option to reload it, and that takes off everything after the #.


Source: http://secunia.com/advisories/23483

Stefano Di Paola and Giorgio Fedon have discovered some vulnerabilities in Adobe Reader, which can be exploited by malicious people to conduct cross-site scripting attacks, cross-site request forgery attacks, cause a DoS (Denial of Service), or to compromise a user’s system.

1) Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users.


Try this to see if you need to patch your PDF reader: http://www.adobe.com/products/acrobat/pdfs/AdobePDFSecurityGuide.pdf#something=javascript:alert(window.navigator.userAgent)
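
As an added example (not from the original post or the Secunia advisory), this JavaScript function flags links shaped like the test link above: a URL whose path ends in `.pdf` and whose fragment carries a parameter with a `javascript:` value. The names `decodeRepeatedly` and `findScriptParamInPdfLink` are hypothetical, and the check assumes the full link text is available to the scanner.

```javascript
// Added example: detect PDF links that pass a javascript: value after the '#'.
// Function names are hypothetical; they are not from any Adobe or Secunia tool.

function decodeRepeatedly(value, rounds = 3) {
  // Undo nested percent-encoding (%256a -> %6a -> j), bounded to a few rounds.
  let current = value;
  for (let i = 0; i < rounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      break; // malformed escape sequence: keep what we have so far
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns the name of the first fragment parameter whose value is a
// javascript: URL, or null when the link is not a PDF link of that kind.
function findScriptParamInPdfLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch (e) {
    return null; // not an absolute URL
  }
  if (!/\.pdf$/i.test(decodeRepeatedly(url.pathname))) return null;

  const fragment = url.hash.slice(1); // text after the '#'
  for (const pair of fragment.split("&")) {
    const eq = pair.indexOf("=");
    if (eq === -1) continue; // ordinary anchors such as "#page3"
    // Scheme names are case-insensitive, and embedded whitespace or control
    // characters are commonly ignored, so normalise before comparing.
    const value = decodeRepeatedly(pair.slice(eq + 1))
      .replace(/[\s\u0000-\u001f]/g, "")
      .toLowerCase();
    if (value.startsWith("javascript:")) return pair.slice(0, eq);
  }
  return null;
}
```

The fragment is never sent to the web server, so its access logs will not show these links; a check like this has to run where the whole link is visible, such as a mail or page content scanner.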
