[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous

Subject: RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
From: "Marvin Simkin" <Marvin.Simkin@xxxxxxx>
Date: Tue, 9 Jan 2007 14:13:48 -0700

> From: Amit Klein [mailto:aksecurity@xxxxxxxxx]
> I think it's a pretty good band-aid until all (hmmm...) clients upgrade to 
> Acrobat Reader 8.0.

I can't find (on 
http://www.adobe.com/products/acrobat/readstep2_allversions.html) Acrobat 
Reader 8.0 for any flavor of Unix, nor for Mac prior to OS 10.4. Since these 
platforms may have browsers that may execute JavaScript, couldn't (for example) 
a cookie-stealing exploit work on them too? Thus am I correctly understanding 
that this is currently unpatched for everyone but Windows and Mac 10.4?

Marvin Simkin

Follow-Ups:
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Ralph Angenendt

References:
- Universal XSS with PDF files: highly dangerous
  - From: pdp (architect)
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: RSnake
- Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
  - From: Amit Klein

Prev by Date: RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Next by Date: Easy Banner Pro Version 2.8 <= Remote File Inclusion
Previous by thread: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Next by thread: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Index(es):
- Date
- Thread