[<prev] [next>] [day] [month] [year] [list]
Message-ID: <29339305.306791167919325417.JavaMail.juha-matti.laurio@netti.fi>
Date: Thu, 4 Jan 2007 16:02:05 +0200 (EET)
From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi>
To: Larry Seltzer <Larry@...ryseltzer.com>,
Thierry Zoller <Thierry@...ler.lu>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
pdp.gnucitizen@...glemail.com, sven.vetsch@...enchant.ch,
websecurity@...appsec.org
Subject: Re: RE: [Full-disclosure] Universal XSS with PDF files: highly
dangerous
Additionally, the public PoC doesn't work on Preview version 3.0.8 (409) on OS X 10.4.8.
- Juha-Matti
Larry Seltzer <Larry@...ryseltzer.com> wrote:
> >>"According to public reports, this vulnerability is addressed in Adobe
> Acrobat Reader 8.0."
>
> I've actually tested it. On Reader 8 Acrobat you get a messagebox that
> says "This operation is not allowed"
>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blog.eweek.com/blogs/larry%5Fseltzer/
> Contributing Editor, PC Magazine
> larryseltzer@...fdavis.com
Powered by blists - more mailing lists