I just got pointed to a couple of interesting posts on cross-site scripting using plugins and other things that are on the user's system. The most interesting was a blog posting yesterday on Disenchant's blog on how to use the Adobe Acrobat plugin to perform cross-site scripting using any PDF file found on the website. A URL of the following format:
http://some.random.site.com/foo.pdf#something=javascript:alert(123);
will execute the script. I also got pointed to another follow-up of the same issue on the Gnucitizen blog.
I'm going to have a look into this issue and find out some combinations of where this issue is exploitable, and any where it isn't (if any). More to follow...
Edit: So far confirmed as working on the following combinations:
- Firefox / Adobe Acrobat Reader plugin / Windows XP SP2
- IE6 / Adobe Acrobat 6 (Pro) plugin / Windows XP SP2
- Firefox / Adobe Acrobat Reader plugin / Linux
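
For anyone who wants to screen links for the URL shape shown above, here is an added example (not part of the original post, and not Adobe's or any blog's code) that flags PDF links whose fragment carries a `javascript:` value. It assumes the fragment is a list of `name=value` pairs separated by `&`, as in the URL above; the function names and the `example.test` host are made up for illustration.

```javascript
// Added example: heuristic check for links shaped like the URL in this post.
// Assumption: the fragment is a list of name=value pairs separated by '&'.

// Percent-decode repeatedly (bounded) so double-encoded values are also seen.
function decodeLoose(s) {
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(s); } catch (e) { break; } // malformed escape: keep current form
    if (next === s) break;
    s = next;
  }
  return s;
}

// Returns the names of fragment parameters whose value starts with "javascript:".
// Returns [] when the link is unparsable, is not a .pdf link, or looks clean.
function suspiciousPdfFragmentParams(link) {
  let url;
  try { url = new URL(link); } catch (e) { return []; }
  if (!/\.pdf$/i.test(decodeLoose(url.pathname))) return [];
  const flagged = [];
  for (const pair of url.hash.replace(/^#/, '').split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const name = eq === -1 ? '' : pair.slice(0, eq);
    const rawValue = eq === -1 ? pair : pair.slice(eq + 1);
    // Conservative normalisation (an assumption, not documented plugin behaviour):
    // ignore case, whitespace and control characters before checking the scheme.
    const value = decodeLoose(rawValue).replace(/[\s\u0000-\u001f]/g, '').toLowerCase();
    if (value.startsWith('javascript:')) flagged.push(decodeLoose(name));
  }
  return flagged;
}

// Constructed sample links; example.test is a placeholder host.
const samples = [
  'http://example.test/foo.pdf#something=javascript:alert(123);',
  'http://example.test/docs/FOO.PDF#page=3&x=%6Aavascript:alert(1)',
  'http://example.test/foo.pdf#page=3',
  'http://example.test/foo.html#something=javascript:alert(123);',
];
for (const s of samples) {
  console.log(s, '=>', JSON.stringify(suspiciousPdfFragmentParams(s)));
}
```

Browsers do not send the fragment to the web server, so a check like this has to run where the full link is visible (links in e-mail or user-submitted content), not against the site's access log.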

Comments (1)
Hi, I'm sorry for the delay, but the Adobe Security Advisory on the subject is now live:
http://www.adobe.com/support/security/advisories/apsa07-01.html
tx, jd/adobe
Posted by John Dowdell | January 5, 2007 6:59 AM
Posted on January 5, 2007 06:59