Adobe Acrobat Reader Plugin <= 7.0.x - acroreader XSS Vulnerability

ID EDB-ID:3084
Type exploitdb
Reporter Stefano Di Paola
Modified 2007-01-05T00:00:00


Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability. Remote exploit for windows platform

                                            # Stefano Di Paola

From Secunia:
Input passed to a hosted PDF file is not properly sanitised by the browser plug-in
before being returned to users. This can be exploited to execute arbitrary script code in
a user's browser session in context of an affected site.

- http://[host]/[filename].pdf#[some text]=javascript:[code]

# [2007-01-05]