
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous




On 1/4/07, Larry Seltzer <Larry@larryseltzer.com> wrote:
>
>  Symantec is also reporting that to be vulnerable.
>


Yes, I know that it's a real vulnerability (no need for Symantec for this).
I just wanted to complete/update your list of vulnerable product
combinations, stating that Firefox 2.0.0.1 - Ubuntu - Acrobat Reader 7.0.8 is
not vulnerable.

> Here's the link I used:
>
> http://www.adobe.com/products/acrobat/pdfs/engineering_sb.pdf#param=javascript:alert(%22heythere%22)
>
>  Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blog.eweek.com/blogs/larry%5Fseltzer/
> Contributing Editor, PC Magazine
> larryseltzer@ziffdavis.com
>
>
>  ------------------------------
> *From:* psteichen@gmail.com [mailto:psteichen@gmail.com] *On Behalf Of *
> pst
> *Sent:* Thursday, January 04, 2007 3:20 AM
> *To:* Larry Seltzer
> *Subject:* Re: [WEB SECURITY] Universal XSS with PDF files: highly
> dangerous
>
> Well I have tested it with Firefox 2.0.0.1 on Ubuntu and Acrobat Reader
> 7.0.8 and it seems not to be vulnerable. Now I didn't do any tests to check
> if Firefox or Acrobat is the cause?
>
> ciao,
> pst
>
> On 1/4/07, Larry Seltzer <Larry@larryseltzer.com> wrote:
> >
> > I'm not sure if anyone else has posted this, but it looks to me like
> > Acrobat 6 and 7 are vulnerable, but not 8.
> >
> > Also, all versions of Firefox are vulnerable, IE8 SP1 and earlier are,
> > but IE 6 SP2 and IE7 aren't.
> >
> > Larry Seltzer
> > eWEEK.com Security Center Editor
> > http://security.eweek.com/
> > http://blog.eweek.com/blogs/larry%5Fseltzer/
> > Contributing Editor, PC Magazine
> > larryseltzer@ziffdavis.com
> >
> >
> > ----------------------------------------------------------------------------
> > The Web Security Mailing List:
> > http://www.webappsec.org/lists/websecurity/
> >
> > The Web Security Mailing List Archives:
> > http://www.webappsec.org/lists/websecurity/archive/
> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> >
> >
>

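An added defender-side example, not from this thread or from any of the posters: a minimal WSGI handler that serves PDFs as attachments so the browser's Acrobat plugin never renders them inline, plus a helper showing that the `#param=javascript:` fragment in the test link above never reaches the server at all (so there is nothing to filter or log there). `PDF_DIR` is an assumed document root.

```python
"""
Mitigation sketch for the inline-PDF UXSS discussed in the thread.
The injected script rides on the URL fragment, which browsers strip
before sending the request, so the server-side lever is to stop the
plugin from rendering the file inline: force a download instead.
"""
import os
from urllib.parse import urlsplit
from wsgiref.simple_server import make_server

PDF_DIR = "/var/www/pdfs"  # assumed document root for this example


def request_target(url):
    """What the browser actually puts in the request line for `url`.
    The fragment is dropped client-side, so '#param=javascript:...'
    is invisible to access logs, WAFs and any server-side filter."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def pdf_headers(filename):
    """Headers that make the browser save the file rather than hand it
    to the Acrobat plugin (Content-Disposition: attachment)."""
    safe_name = os.path.basename(filename).replace('"', "")
    return [
        ("Content-Type", "application/pdf"),
        ("Content-Disposition", 'attachment; filename="%s"' % safe_name),
    ]


def app(environ, start_response):
    """Serve only *.pdf files found directly in PDF_DIR, never inline."""
    name = os.path.basename(environ.get("PATH_INFO", ""))
    full = os.path.join(PDF_DIR, name)
    if not name.lower().endswith(".pdf") or not os.path.isfile(full):
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    start_response("200 OK", pdf_headers(name))
    with open(full, "rb") as fh:
        return [fh.read()]


if __name__ == "__main__":
    make_server("127.0.0.1", 8080, app).serve_forever()
```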


