Adobe Reader Flaw Uncovered By Researchers

Security researchers have discovered a cross-site scripting (XSS) vulnerability affecting the widely used Adobe Acrobat Reader software that could make it easy for attackers to launch malicious code. The flaw, revealed by security researchers Stefano Di Paola and Giorgio Fedon last week at the Chaos Communication Congress hacker convention in Berlin, could allow attackers to manipulate the Adobe Reader browser plug-in to execute arbitrary JavaScript on the client side simply by adding code to the URL of an online PDF file and getting users to click on the link.

The XSS vulnerability stems from the Open Parameters feature in Adobe Reader, which lets a URL open a PDF file and specify which content to show and how to display it. In a Wednesday advisory sent to its Deepsight threat management customers, Symantec warned that because Open Parameters exists in most Adobe Reader applications and browser plug-ins, the flaw could lead to a wave of XSS attacks against client-side targets.

News source: CRN


Aero Ultimate said,
Adobe Reader is bloated garbage anyway. Foxit Reader is much better! :cool:

This is an article about Adobe Reader, not some third-party knockoff. Keep it on-topic.