Stefano Di Paola and Giorgio Fedon have discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site.
-----------------------------------------------------
This vulnerability is minor compared to the others found in Adobe 7 and below. If you haven't installed Adobe Reader 8 yet, I would suggest such a move.
No comments:
Post a Comment