A nasty little cross-site scripting attack via PDFs has been discovered: Chris Shiflett: The Adobe PDF XSS Vulnerability.
Any site that has PDFs is vulnerable. The interesting thing is that it doesn’t compromise the server of the web site. The attack can gain access to the site visitor’s computer by passing some code in the URL referencing the PDF on a site. The post I link to provides info on how to upgrade your own computer and what you can do on the server side to prevent this from being used.
Scary stuff. It’s almost worse than if it harmed the server, since most servers are backed up regularly and have an IT person or team to block IPs, install patches, etc.
Thanks for the tip.