The SANS Internet Storm Center has reported a cross-site
scripting flaw in Adobe’s PDF Reader software.
The flaw has also been reported by Symantec and various
independent security researchers, and allows an attacker to run
arbitrary code on a user’s machine by getting them to open a link
to a website via an e-mail.
A hacker would use JavaScript attached to a target PDF hosted on
a website to conduct the attack, said SANS.
Adobe has so far not commented on the reported flaw.
The threat can be mitigated by turning off JavaScript in the
browser, but that would block interactive content on many
websites.
The SANS report on the problem can be read here:
http://isc.sans.org/diary.php?storyid=1999&isc=3a3147dbdcd305281beef045db5da0cb