UXSS in Adobe Acrobat Reader Plugin

At the beginning of the new year, I am surprised by the disclosure of multiple vulnerabilities in the Adobe Acrobat Reader Plugin.

These vulnerabilities can cause the following:

  • Universal CSRF / session riding (tested on Mozilla Firefox, Internet Explorer, Opera + Acrobat Reader plugin)
  • UXSS in #FDF, #XML and #XFDF (tested on Mozilla Firefox + Acrobat Reader plugin)
  • Possible Remote Code Execution (tested on Mozilla Firefox + Acrobat Reader plugin)
  • Denial of Service (tested on Internet Explorer + Acrobat Reader plugin)

To anticipate scary things, I use FoxitReader to read PDFs, and I have also installed the PDFDownload Plugin for Firefox.

Here are several resources if you want to know more about this:
