Nasty Adobe Reader Exploit

Sidepocket · January 7, 2007

A nasty little JavaScript hack that targets Adobe Reader 7.0 via weblinks to a PDF document on the web that was first revealed at the Chaos Computer Club convention in late December was found to be even nastier yesterday. The exploit works by putting JavaScript at the end of a link to a PDF file -- which Reader 7.0 runs, and yesterday a hacker realized that since Adobe Reader 7.0 installs a sample pdf file, the code could be used to get at all documents on a hard drive.

http://blog.wired.com/27bstroke6/2007/01/n...a.html#comments

http://www.pcworld.com/article/id,128411/article.html

http://news.zdnet.com/2100-1009_22-6147428.html

remkow · January 7, 2007

It can also be used as a XSS for cookie stealing...

The exploit is publically available btw, this is the code used for exploiting the vuln:

http://host/filename.pdf#{some text}=javascript:{code}

(got this from milw0rm)

ichthuz · January 8, 2007

i saw this on dl.tv does anyone know if it affects other readers or just ADOBE

Sparda · January 8, 2007

It only effects noobs who have JavaScript enabled :lol:

ichthuz · January 9, 2007

unfortunately for my sanity thats like all the world

logik · January 17, 2007

eek.

Justin Ewing · January 17, 2007

It only effects noobs who have JavaScript enabled

I LIKE THE WAY U THINK!!! LOL

Sign In

Nasty Adobe Reader Exploit

Recommended Posts

Sidepocket

Link to comment

Share on other sites

remkow

Link to comment

Share on other sites

ichthuz

Link to comment

Share on other sites

Sparda

Link to comment

Share on other sites

ichthuz

Link to comment

Share on other sites

logik

Link to comment

Share on other sites

Justin Ewing

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members

Browse

Activity