Software maker Adobe has released new patches to fix a cross-site scripting (XSS) flaw. The California-based company issued two separate bulletins in which it promises to prevent the cross-site scripting issue.
Top researchers, such as the US government and the Computer Emergency Response Team (CERT), said that hackers can use XSS to inject malicious code when a document opens in the Internet Explorer and Firefox browsers.
The Portable Document Format (PDF) is widely used in businesses and government agencies and is generally a safe and secure form of transmitting a document. But recently it was discovered that it is possible to inject code into the browser, and when the document is opened, the attached malware is opened and copied to the PC. Such attacks were launched on large database sites such as eBay.com and on government agencies. Software specialists call the issue serious and a possible threat to large networking companies.
Several Adobe products were affected by the flaw: the ColdFusion MX 7, ColdFusion MX 7.0.1, and ColdFusion MX 7.0.2 programs.
"For many, the PDF has become the de-facto standard for exchanging documents," McAfee researcher Karthik Raman wrote in a blog posted on Jan. 9. "In using PDFs, some wish to sidestep the risks of malware-prone Microsoft Office documents, but with the announcement of six new PDF-related vulnerabilities in several security forums last week, we should all now be more careful with PDFs."
The best advice for Adobe users is not to ignore any updates, to download the latest versions and patches, and to make sure their programs are up to date.
Vladimir Dubchak
Right Observer