Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability
# Published : 2007-01-05
# Author : Stefano Di Paola
# Previous Title : NaviCOPA Web Server 2.01 (GET) Remote Buffer Overflow Exploit meta
# Next Title : CA BrightStor ARCserve (tapeeng.exe) Remote Buffer Overflow Exploit

# Stefano Di Paola
# http://www.wisec.it/

From Secunia:
Input passed to a hosted PDF file is not properly sanitised by the browser plug-in
before being returned to users. This can be exploited to execute arbitrary script code in
a user's browser session in context of an affected site.

Example:
- http://[host]/[filename].pdf#[some text]=javascript:[code]

# www.Syue.com [2007-01-05]