Well within the past few months there have been several browser-related vulnerabilities. This time around a concern has been raised regarding the AdobeReader PDF-plugin.
Now with the PDF plugin, one of the features it offers is the use of what they would refer to as “Open Parameters”. These parameters can be specified in the URL. Take for example the SEARCH parameter:
http://www.somesite.org/somefolder/somefile.pdf #search=”keyword”
Taking this into consideration, you can simply create and execute your own script by specifying your own parameters. Using the following format:
http://[URL]/[FILENAME].pdf# something=javascript:alert(123);
This merely executes a javascript which shows an alert message, but we all know that malware authors can think up of more creative ways of exploiting this vulnerability. (hmm.. another AJAX worm perhaps?)
The attack is made possible by the security flaw that exists in the PDF plugin for browsers. Normally, most XSS attacks can be alleviated by fixing and patching the vulnerable scripts/browser or by adding security checks on the server-side. However in this case, the issue has already been fixed in the latest version of Adobe Reader (Ver. 8). It would be best to update your software ASAP to avoid any further problems.