New Year, New Threat

Send to friend

A cross-site scripting vulnerability was disclosed today that affects the Adobe Reader Browser Plug-in prior to version 8.

User interaction is required for exploitation as the vulnerability is triggered when a user follows a JavaScript embedded hyperlink, leading to a .PDF file. It is possible for the link to point to a trusted site. Therefore the target server does not need to host anything malicious for the attack to be successful. McAfee Avert Labs recommends updating to Adobe Reader version 8.

Comments (0)

Add a Comment

This thread has been closed from taking new comments.