Friday, January 05, 2007

UXSS in Adobe Acrobat Reader Plugin

At the beginning of the new year, I am surprised by the disclosure of multiple vulnerabilities in the Adobe Acrobat Reader plugin.

These vulnerabilities can cause the following:

  • Universal CSRF / session riding (tested on Mozilla Firefox, Internet Explorer, Opera + Acrobat Reader plugin)
  • UXSS in #FDF, #XML and #XFDF (tested on Mozilla Firefox + Acrobat Reader plugin)
  • Possible Remote Code Execution (tested on Mozilla Firefox + Acrobat Reader plugin)
  • Denial of Service (tested on Internet Explorer + Acrobat Reader plugin)

To anticipate scary things, I use FoxitReader to read PDFs, and I have also installed the PDFDownload plugin for Firefox.

Here are several resources if you want to know more about this:

