The Adobe PDF XSS Vulnerability

Nasty little cross-site scripting attack via PDFs hase been discovered: Chris Shiflett: The Adobe PDF XSS Vulnerability.

Any site that has PDFs is vulnerable. The interesting thing is that it doesn’t compromise the server of the web site. The attack can gain access to the site visitor’s computer by passing some code in the URL referencing the PDF on a site. The post I link to provides info on how to upgrade your own computer and what you can do on the server side to prevent this from being used.

One thought on “The Adobe PDF XSS Vulnerability

  1. Scary stuff. It’s almost worse than if it harmed the server since most servers are backed up regularly and have an IT person(s) to block IPs, install patches, etc.

    Thanks for the tip.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s