UXSS in Adobe Acrobat Reader Plugin

At the beginning of new year, I am surprised by the disclosed of multiple vulnerabilities in Adobe Acrobat Reader Plugin.

These vulnerabilities can cause the followings :

• Universal CSRF / session riding (tested on Mozilla Firefox, Internet Explorer, Opera + Acrobat Reader plugin)
• UXSS in #FDF, #XML e #XFDF (tested on Mozilla Firefox + Acrobat Reader plugin)
• Possible Remote Code Execution (tested on Mozilla Firefox + Acrobat Reader plugin)
• Denial of Service (tested on Internet Explorer + Acrobat Reader plugin)
  

To anticipate scary things, I use FoxitReader to read PDFs and I also install PDFDownload Plugin for Firefox.

Here are several resources if you want to know more about this thing :

• Stefano Di Paola posting which started it all
• PDF= Potential Death File?
• Acrobat Reader suffers major XSS flaw
• DANGER, DANGER, DANGER
• UXSS Day One Wrapup
• Universal PDF XSS After Party
• PDF XSS Can Compromise Your Machine
• Hacking with Browser Plugins