Adobe Acrobat JavaScript Execution Bug 94
QASec.com writes to mention that Stefano Di Paola and Giorgio Fedon discovered an unpatched vulnerability in Adobe Acrobat Reader that can allow an attacker to execute arbitrary JavaScript on any hosted PDF file. People are reporting different results based on browser and Acrobat versions. Most of the major sites discussed have already fixed the problem, but many smaller sites may still need to be patched.
Foxit? (Score:3, Interesting)
Which Versions? (Score:1, Interesting)
I don't like PDF (Score:5, Interesting)
The PDF was formed with parameters linking to a second pdf base document.
From Firefox on Windows with internet explorer disabled the pdf opened inside acrobat then proceeded to display the resulting PDF file in internet explorer.
I haven't seen IE now for ages and that made me nervous as hell.
Re:The whole architecture is fatally flawed (Score:4, Interesting)
Re:Let's be clear: bug is in Reader (Score:2, Interesting)
Re:The whole architecture is fatally flawed (Score:4, Interesting)
Take this from the LAST sunsolve weekly report:
Newly Released Sun Alert Notifications
Sun Alert ID: 102729 (RESOLVED)
Synopsis: Security Vulnerabilities in the Java Runtime
Environment may Allow Untrusted Applets to Elevate
Privileges and Execute Arbitrary Code
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 19-Dec-2006
Date Closed: 19-Dec-2006
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetk
Sun Alert ID: 102731 (RESOLVED)
Synopsis: Security Vulnerabilities Related to Serialization
in the Java Runtime Environment may Allow Untrusted
Applets to Elevate Privileges
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 19-Dec-2006
Date Closed: 19-Dec-2006
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetk
Sun Alert ID: 102732 (RESOLVED)
Synopsis: Security Vulnerabilities in the Java Runtime
Environment may Allow an Untrusted Applet to Access
Data in Other Applets
Product: Java 2 Platform, Standard Edition
Category: Security
Date Released: 19-Dec-2006
Date Closed: 19-Dec-2006
To view this Sun Alert document please go to the following URL:
http://sunsolve.sun.com/search/document.do?assetk