A cross-site scripting vulnerability was disclosed today that affects the Adobe Reader Browser Plug-in prior to version 8.
User interaction is required for exploitation as the vulnerability is triggered when a user follows a JavaScript embedded hyperlink, leading to a .PDF file. It is possible for the link to point to a trusted site. Therefore the target server does not need to host anything malicious for the attack to be successful. McAfee Avert Labs recommends updating to Adobe Reader version 8.
Add a Comment
No messages on this article yet