Adobe scripting flaw unearthed

Browser plug-in peril

Thu 4 Jan 2007 // 11:49 UTC

Users are advised to upgrade their Adobe Reader software following the discovery of a potential serious cross-site scripting bug. The vulnerability, which involves Adobe Reader 6.x and Adobe Reader 7.x, means it is possible to execute potential hostile JavaScript code simply by appending it to a PDF's URL.

The flaw, discovered by security researchers Stefano Di Paola and Giorgio Fedon and announced at the Chaos Communication Congress conference in Berlin this week, might be most easily exploited through Adobe Reader browser plug-ins. Users are advised to upgrade to Adobe Reader version 8.0 to defend against attack, or to apply workarounds as suggested by the SANS Institute's Internet Storm Centre here. ®

More about

TIP US OFF

Send us news

Topics

Special Features

Vendor Voice

Resources

Channel

Adobe scripting flaw unearthed

Browser plug-in peril

More about

TIP US OFF

Other stories you might like

Meta lets Llama 3 LLM out to graze, claims it can give Google and Anthropic a kicking

US Air Force says AI-controlled F-16 fighter jet has been dogfighting with humans

Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

A different view from the edge

Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims

Stability AI decimates staff just weeks after CEO's exit

IBM accused of cheating its own executive assistants out of overtime pay

Google fires 28 staff after sit-in protest against Israeli cloud deal ends in arrests

Feds hit coding boot camp with big fine for allegedly conning students

Microsoft aims to triple datacenter capacity to fuel AI boom

House passes bill banning Uncle Sam from snooping on citizens via data brokers

October 2025 will be a support massacre for a bunch of Microsoft products

About Us

Our Websites

Your Privacy