[Full-disclosure] Universal XSS with PDF files: highly dangerous
Juha-Matti Laurio
juha-matti.laurio at netti.fi
Thu Jan 4 14:02:05 GMT 2007
Additionally, the public PoC doesn't work on Preview version 3.0.8 (409) on OS X 10.4.8.
- Juha-Matti
Larry Seltzer <Larry at larryseltzer.com> wrote:
> >>"According to public reports, this vulnerability is addressed in Adobe
> Acrobat Reader 8.0."
>
> I've actually tested it. On Reader 8 Acrobat you get a messagebox that
> says "This operation is not allowed"
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blog.eweek.com/blogs/larry%5Fseltzer/
> Contributing Editor, PC Magazine
> larryseltzer at ziffdavis.com
Full-Disclosure is hosted and sponsored by Secunia.