gertees.blogg.se

Fire fox pdf reader













This article was contributed by Jake Edge.

A cross-site scripting (XSS) vulnerability has surfaced that impacts Firefox users who have installed the Adobe Reader (Acrobat/PDF) plugin. Proof of concept exploits have been published on Bugtraq as well as several blogs, for example. Adobe has fixed the problem in Acrobat version 8 which is only available for Windows, no word yet on a fix for the Linux plugin (which

The technique was first disclosed last week at the 23rd Chaos Communication Congress by Stefano Di Paola and Giorgio Fedon in their AJAX presentation. Sven Vetsch discovered another wrinkle and publicized

The crux of the vulnerability is a link with a URL of the following form:

The host and path to file are legitimate URL paths to a PDF file that is hosted somewhere on the net, quite possibly at a site that is trusted by the user. The attacker need not have any access to the PDF file, but can have his code executed while appearing to be a simple download from

It is the ability to turn any PDF hosted on any site into an XSS attack that makes this vulnerability so insidious.

The vulnerability exploits a feature of the Adobe plugin that is not shared with other mechanisms for viewing PDFs from the web (including using the acroread external program that is also supplied by Adobe). Arguments can be passed to the plugin via the information after the '#' and can be used to specify a specific page or search string in the PDF. It can also be used to populate PDF forms using '#FDF=URL' arguments and the information for the forms is retrieved from the URL. Evidently Adobe does not check for FDF or two other similar argument types and blindly asks the browser to fetch the URL specified. Javascript code as described above, the plugin does not detect that case and
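As an added example (not code from the article, Adobe or Mozilla), the following JavaScript shows a check a link sanitizer could apply to the '#' arguments described above: it flags PDF links whose argument values are themselves URLs and marks non-HTTP schemes for blocking. The function name `auditPdfLink`, the severity labels and the example.com/example.net links are assumptions constructed for illustration.

```javascript
// Added example: flag links to PDFs whose '#' arguments carry a URL or script scheme.
// auditPdfLink and its severity labels are hypothetical names, not a real library API.
const SAFE_SCHEMES = new Set(["http", "https"]);

function decodeLoose(value) {
  // Percent-decode when possible, then drop whitespace and control characters
  // that browsers ignore inside a scheme (e.g. "java\tscript:").
  let out = value;
  try { out = decodeURIComponent(value); } catch (_) { /* keep raw value */ }
  return out.replace(/[\u0000-\u0020]/g, "");
}

function auditPdfLink(href) {
  let url;
  try { url = new URL(href); } catch (_) { return { pdf: false, findings: [] }; }
  const isPdf = url.pathname.toLowerCase().endsWith(".pdf");
  const fragment = url.hash.slice(1);
  const findings = [];
  if (!isPdf || fragment === "") return { pdf: isPdf, findings };

  for (const pair of fragment.split("&")) {
    const eq = pair.indexOf("=");
    if (eq === -1) continue;               // bare flags carry no URL
    const name = pair.slice(0, eq);
    const value = decodeLoose(pair.slice(eq + 1));
    const m = /^([a-z][a-z0-9+.-]*):/i.exec(value);
    if (!m) continue;                      // page numbers, search strings, etc.
    const scheme = m[1].toLowerCase();
    findings.push({
      name,
      scheme,
      // Any URL-valued argument is worth a look; non-HTTP schemes are blocked.
      severity: SAFE_SCHEMES.has(scheme) ? "review" : "block",
    });
  }
  return { pdf: true, findings };
}

// Constructed sample links (example.com / example.net are placeholders).
const samples = [
  "https://example.com/docs/report.pdf#page=3",
  "https://example.com/docs/report.pdf#FDF=https://example.net/form.fdf",
  "https://example.com/docs/report.pdf#FDF=java%09script:void(0)",
];
for (const s of samples) console.log(s, JSON.stringify(auditPdfLink(s).findings));
```

Because the part of a URL after '#' is never sent to the web server, a check like this has to run where links are rendered or followed (an HTML sanitizer, a mail gateway, a browser extension); server access logs will not show these arguments.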













