New Year, New Threat

A cross-site scripting vulnerability was disclosed today that affects the Adobe Reader Browser Plug-in prior to version 8.

User interaction is required for exploitation as the vulnerability is triggered when a user follows a JavaScript embedded hyperlink, leading to a .PDF file. It is possible for the link to point to a trusted site. Therefore the target server does not need to host anything malicious for the attack to be successful. McAfee Avert Labs recommends updating to Adobe Reader version 8.

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter