WebApp Sec: RE: Universal PDF XSS Remediation (Fix)

["Cyrill Brunschwiler" <cyrill.brunschwiler () csnc ch>]

Pdp,

I agree, it's a client issue and to fix it entirely one has to update
Acrobat. 

> pdp wrote:
>
> IMHO, you misunderstand the impact of this vulnerability. You are
> assuming that the user clicks on a pdf link which executes the
> malicious JavaScript. That's not always the case. I've seen various
> solutions to this issue and none of them work. The best thing to do is
> to upgrade to Reader 7.9 or 8. Even when you try to do some crazy
> redirection-token-magic :), it is up to the client to decide how that
> is going to be processed. In several simple steps the remote PDF file
> can be cached and recalled via
>
> <object data="http://[path to file]"></object>
>
> this also bypasses the content-disposition fix plus several 
> other fixes.
Did you allready discribe that behavior anywhere, i'd really like to know
bit more about the "several simple steps".
> As I said, the best thing to do is to upgrade. Use JavaScript to check
> the version of the PDF plugin and if it is less then 7.9 prompt the
> user. This is it.
As we all know, it relies on the user whether he/she's going to definitely
patch his/her software. Nonetheless, I would be interested in that
JavaScript.

Thanks,
Cyrill


-------------------------------------------------------------------------
Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of 
sensitive data - personal, medical and financial - are exchanged, and 
stored. Consumers expect and demand security for this information. This 
whitepaper examines a few vulnerability detection methods - specifically 
comparing and contrasting manual penetration testing with automated 
scanning tools. Download "Automated Scanning or Manual Penetration 
Testing?" today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fH6
--------------------------------------------------------------------------