Cross-Site Scripting Vulnerability in Adobe Acrobat Plug-In
added January 4, 2007

US-CERT is aware of a cross-site scripting vulnerability in the Adobe Acrobat Plug-In. The Adobe Acrobat Plug-In allows users to view PDF files inside of a web browser. The Adobe Acrobat Plug-In fails to properly validate URI parameters for JavaScript code. This allows user-supplied JavaScript to execute within the context of the web site hosting the PDF file, causing a cross-site scripting vulnerability.
More information about this vulnerability can be found in the following:

Vulnerability Note VU#815960 - Adobe Acrobat Plug-In cross domain violation

US-CERT encourages users to upgrade to the latest release of Adobe Acrobat Reader as soon as possible. If unable to upgrade, then US-CERT recommends that users take the following actions to help mitigate the security risks:

- Disable the displaying of PDF documents in the web browser.
- Disable JavaScript as specified in the Securing Your Web Browser document.

Note: Any website that hosts a PDF file may be used as an attack vector or launch point to exploit this vulnerability. Web site and network administrators may wish to filter JavaScript in both URLs and leaving the network to prevent their websites from being leveraged in attacks. Information on how to filter JavaScript out of URLs is available in VU#815960.

-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Walt Smith
Sent: Friday, January 12, 2007 3:30 PM
To: JAWS-Users
Subject: [JAWS-Users] Re: Adobe Reader 8 and JAWS

Can you point to any articles or other information on this? I have not heard this until this discussion.

----- Original Message -----
From: "Baracco, Andrew W" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, January 12, 2007 1:41 PM
Subject: [JAWS-Users] Re: Adobe Reader 8 and JAWS

I understand that there are major security issues with Adobe 7.

Andy
