High Context Consulting, LLC

The Adobe PDF XSS Vulnerability

A nasty little cross-site scripting attack via PDFs has been discovered: Chris Shiflett: The Adobe PDF XSS Vulnerability.

Any site that has PDFs is vulnerable. The interesting thing is that it doesn’t compromise the server of the web site. The attack can gain access to the site visitor’s computer by passing some code in the URL referencing the PDF on a site. The post I link to provides info on how to upgrade your own computer and what you can do on the server side to prevent this from being used.

Comments

  1. Fred Simmons

    Scary stuff. It’s almost worse than if it harmed the server since most servers are backed up regularly and have an IT person(s) to block IPs, install patches, etc.

    Thanks for the tip.

    January 12th, 2007 at 3:41 pm

Copyright © 2008 High Context Consulting