PDF links may have a sting in the tail

Stephen Withers
Thursday, 04 January 2007 03:23

Your IT - Home IT

A weakness in the Adobe Reader plugin's execution of JavaScript can be combined with a cross site scripting attack with "breathtaking" ease, a security researcher has warned.

Writing in Symantec's Security Response Weblog, senior security response engineer Hon Lau said an attack could be made via any web site that hosts a PDF file as no server-side vulnerabilities were involved: "anybody hosting a .pdf file, including well-trusted brands and names on the Web, could have their trust abused and become unwilling partners in crime."

An exploit would involve persuading a user to click on a specially-formed URL that points to a legitimate PDF file but also contains JavaScript attack code. "Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," warned Lau.

However, the problem seems to be specific to Firefox and can be avoided by changing settings so that PDF files are opened by the Acrobat Reader application rather than the plugin, Lau advised. Other defences include JavaScript filtering at the firewall.