Skip to Main Content

Security Flaw in Trusted Adobe PDF's

Posted on 1.03.2007
Symantec issued an alert that any Adobe PDF (Portable Document Format) file on the Internet could be used by hackers to run rogue JavaScript on a victimized PC. Cross-site scripting vulnerabilities -- "XSS" for short -- are flaws that trick a user's browser into executing untrusted code, usually with the aim of hijacking the system or stealing passwords. Previously, XSS exploits have been limited to Web servers; in other words, the user has to be duped into visiting a malicious Web site. To deter such attacks, Symantec recommended that enterprises filter JavaScript at the firewall, and that all users consider disabling the Acrobat Reader plug-in within their browser. Inside Firefox 1.5, the latter can be accomplished by selecting Tools|Options|Downloads and clicking the "View & Edit Actions" button. In the resulting dialog, choose "PDF" and click "Change Action." Pick "Open them with the default application option," click "OK" and "Close" and "OK."

via InformationWeek
WebsiteMagazineMiniLogo
Today's Top Picks for Our Readers:
Recommended by Recommended by NetLine

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up

 

Leave a comment
    Load more comments
    New code
  •    
      

      
    ACCELERATE YOUR 'NET SUCCESS:

    Request a PRO-LEVEL Subscription to Website Magazine and receive a free copy of our new book SEO 360.

    wm-monthly-plan

    The Ultimate Guide to Personalization

    Kibo