Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Acrobat JavaScript Execution Bug

Posted by ScuttleMonkey on from the oops dept.

QASec.com writes to mention that Stefano Di Paola and Giorgio Fedon discovered an unpatched vulnerability in Adobe Acrobat Reader that can allow an attacker to execute arbitrary JavaScript on any hosted PDF file. People are reporting different results based on browser and Acrobat versions. Most of the major sites discussed have already fixed the problem, but many smaller sites may still need to be patched.

2 of 94 comments (clear)

  1. Work around? by Anonymous Coward · · Score: 5, Funny

    It's typical that they don't mention any work around. I'll be the first to put one up; first open up a command prompt then run

      chmod -x `which acrobat`
      rpm --erase acrobat
      rpm --install xpdf

    there, couldn't be simpler. If you find these commands don't work on your system, you either need to use the "apt" command instead of "rpm" or upgrade your operating system. If you are running OpenBSD and you've managed to install and run acrobat then you don't need my instructions.

  2. What the hell? by Anonymous Coward · · Score: 1, Funny

    What the fuck is with this bullshit that posting ANONYMOUSLY still cancels out any moderations you have made? Oh, and better still, those points are wasted forever instead of being given back to you (which is what "Undone" like it fucking says would imply).