Sidepocket, posted January 7, 2007:

A nasty little JavaScript hack that targets Adobe Reader 7.0 via weblinks to a PDF document on the web that was first revealed at the Chaos Computer Club convention in late December was found to be even nastier yesterday. The exploit works by putting JavaScript at the end of a link to a PDF file -- which Reader 7.0 runs, and yesterday a hacker realized that since Adobe Reader 7.0 installs a sample pdf file, the code could be used to get at all documents on a hard drive.

http://blog.wired.com/27bstroke6/2007/01/n...a.html#comments
http://www.pcworld.com/article/id,128411/article.html
http://news.zdnet.com/2100-1009_22-6147428.html

remkow, posted January 7, 2007:

It can also be used as an XSS for cookie stealing... The exploit is publicly available btw, this is the code used for exploiting the vuln:

http://host/filename.pdf#{some text}=javascript:{code}

(got this from milw0rm)

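
An added example, not part of the original thread or any poster's code: a defensive scanner for mail or proxy content that flags the link shape quoted above, a PDF URL whose fragment carries a `javascript:` URI. Fragments are never sent to the web server, so the check runs on the content carrying the link rather than on server logs; the function names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

def _decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded text is still visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious_pdf_link(url):
    """True if the URL targets a PDF and its fragment carries a javascript: URI."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # malformed URL: nothing to classify
        return False
    target = _decode(parts.path + "?" + parts.query).lower()
    if ".pdf" not in target:
        return False
    # Remove whitespace/control characters that could split the scheme name.
    fragment = re.sub(r"[\x00-\x20]", "", _decode(parts.fragment)).lower()
    return "javascript:" in fragment

class _LinkCollector(HTMLParser):
    """Collects URL-bearing attributes (links, embeds, frames) from markup."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        self.links.extend(v for k, v in attrs if k in ("href", "src", "data") and v)

def find_suspicious_links(html):
    collector = _LinkCollector()
    collector.feed(html)
    return [u for u in collector.links if is_suspicious_pdf_link(u)]

# Constructed sample content; void(0) stands in for the {code} part.
SAMPLE_HTML = """
<a href="http://host/filename.pdf#foo=javascript:void(0)">report</a>
<a href="http://host/filename.pdf#page=3">page three</a>
<embed src="http://host/doc.PDF#a=JaVa%2573cript%3Avoid(0)">
<a href="http://host/page.html#x=javascript:void(0)">not a pdf</a>
"""

if __name__ == "__main__":
    for link in find_suspicious_links(SAMPLE_HTML):
        print("suspicious:", link)
```
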
ichthuz, posted January 8, 2007:

I saw this on dl.tv. Does anyone know if it affects other readers or just Adobe?

Sparda, posted January 8, 2007:

It only affects noobs who have JavaScript enabled.

ichthuz, posted January 9, 2007:

Unfortunately for my sanity, that's like all the world.

logik, posted January 17, 2007:

eek.

Justin Ewing, posted January 17, 2007:

> It only affects noobs who have JavaScript enabled

I LIKE THE WAY U THINK!!! LOL