RE: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
> From: Amit Klein [mailto:aksecurity@xxxxxxxxx]
> I think it's a pretty good band-aid until all (hmmm...) clients upgrade to
> Acrobat Reader 8.0.
I can't find (on
http://www.adobe.com/products/acrobat/readstep2_allversions.html) Acrobat
Reader 8.0 for any flavor of Unix, nor for Mac prior to OS 10.4. Since these
platforms may have browsers that may execute JavaScript, couldn't (for example)
a cookie-stealing exploit work on them too? Thus am I correctly understanding
that this is currently unpatched for everyone but Windows and Mac 10.4?
Marvin Simkin