Skip to Main Content

Security Flaw in Trusted Adobe PDF's

Posted on 1.03.2007
Symantec issued an alert that any Adobe PDF (Portable Document Format) file on the Internet could be used by hackers to run rogue JavaScript on a victimized PC. Cross-site scripting vulnerabilities -- "XSS" for short -- are flaws that trick a user's browser into executing untrusted code, usually with the aim of hijacking the system or stealing passwords. Previously, XSS exploits have been limited to Web servers; in other words, the user has to be duped into visiting a malicious Web site. To deter such attacks, Symantec recommended that enterprises filter JavaScript at the firewall, and that all users consider disabling the Acrobat Reader plug-in within their browser. Inside Firefox 1.5, the latter can be accomplished by selecting Tools|Options|Downloads and clicking the "View & Edit Actions" button. In the resulting dialog, choose "PDF" and click "Change Action." Pick "Open them with the default application option," click "OK" and "Close" and "OK."

via InformationWeek

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up


Leave a comment
    Load more comments
    New code