<<< Date Index >>>     <<< Thread Index >>>

RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous



> From: Amit Klein [mailto:aksecurity@xxxxxxxxx]
> I think it's a pretty good band-aid until all (hmmm...) clients upgrade to 
> Acrobat Reader 8.0.

I can't find (on 
http://www.adobe.com/products/acrobat/readstep2_allversions.html) Acrobat 
Reader 8.0 for any flavor of Unix, nor for Mac prior to OS 10.4. Since these 
platforms may have browsers that may execute JavaScript, couldn't (for example) 
a cookie-stealing exploit work on them too? Thus am I correctly understanding 
that this is currently unpatched for everyone but Windows and Mac 10.4?

Marvin Simkin