The Channel logo


By | John Leyden 4th January 2007 11:49

Adobe scripting flaw unearthed

Browser plug-in peril

Users are advised to upgrade their Adobe Reader software following the discovery of a potential serious cross-site scripting bug. The vulnerability, which involves Adobe Reader 6.x and Adobe Reader 7.x, means it is possible to execute potential hostile JavaScript code simply by appending it to a PDF's URL.

The flaw, discovered by security researchers Stefano Di Paola and Giorgio Fedon and announced at the Chaos Communication Congress conference in Berlin this week, might be most easily exploited through Adobe Reader browser plug-ins. Users are advised to upgrade to Adobe Reader version 8.0 to defend against attack, or to apply workarounds as suggested by the SANS Institute's Internet Storm Centre here. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe