[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
- From: "Marvin Simkin" <Marvin.Simkin@xxxxxxx>
- Subject: RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
- Date: Tue, 9 Jan 2007 14:13:48 -0700
> From: Amit Klein [mailto:aksecurity@xxxxxxxxx]
> I think it's a pretty good band-aid until all (hmmm...) clients upgrade to Acrobat Reader 8.0.
I can't find (on http://www.adobe.com/products/acrobat/readstep2_allversions.html) Acrobat Reader 8.0 for any flavor of Unix, nor for Mac prior to OS 10.4. Since these platforms may have browsers that may execute JavaScript, couldn't (for example) a cookie-stealing exploit work on them too? Thus am I correctly understanding that this is currently unpatched for everyone but Windows and Mac 10.4?
Marvin Simkin
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org
Search this site
|