Here is the definitive fix for Universal PDF XSS Vulnerability
The (in)famous Adobe Acrobat Reader Plugin Universal PDF XSS is the scariest vulnerability discovered this year because it can turn any PDF into an XSS attack vector.
Today Cyrill Brunschwiler released the definitive fix for it. His solution sanitizes the malicious PDF link by generating a unique session ID for each PDF request and checking that session ID later. Because one picture is worth 1000 words, here is the schema:
Many thanks to the Compass Security team for this.
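A minimal sketch of the session-ID check described above, added here as an illustration; it is not Cyrill Brunschwiler's or Compass Security's code. The `PdfGate` class, the `sid` parameter name, the 10-second lifetime, the binding to the client IP and the fixed `#a` fragment on the redirect are all assumptions of this example.

```python
import secrets
import time
from urllib.parse import quote

TOKEN_TTL = 10  # seconds a generated link stays valid (assumed value)


class PdfGate:
    """Serve a PDF only through a link this server generated moments ago."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sid -> (path, client_ip, expiry)
        self._clock = clock

    def _issue(self, path, client_ip):
        now = self._clock()
        # Drop expired entries so unredeemed IDs do not pile up.
        self._pending = {s: e for s, e in self._pending.items() if e[2] > now}
        sid = secrets.token_urlsafe(16)
        self._pending[sid] = (path, client_ip, now + TOKEN_TTL)
        return sid

    def _redeem(self, sid, path, client_ip):
        entry = self._pending.pop(sid, None)  # one-time: consumed on any use
        if entry is None:
            return False
        t_path, t_ip, expiry = entry
        return t_path == path and t_ip == client_ip and self._clock() <= expiry

    def handle(self, path, client_ip, sid=None):
        """Return (status, headers) for a GET of `path` with optional ?sid=."""
        if sid and self._redeem(sid, path, client_ip):
            return 200, {"Content-Type": "application/pdf"}
        # Missing, replayed, expired or foreign ID: never serve the PDF
        # directly. Redirect to a fresh link instead. A Location header that
        # carries its own fragment keeps the browser from re-applying the
        # fragment of the link that was originally clicked.
        fresh = self._issue(path, client_ip)
        return 302, {"Location": f"{quote(path)}?sid={fresh}#a"}


if __name__ == "__main__":
    gate = PdfGate()
    # Constructed sample request: first hit is redirected, second is served.
    status, headers = gate.handle("/docs/report.pdf", "203.0.113.5")
    print(status, headers["Location"])
    sid = headers["Location"].split("sid=")[1][:-2]
    print(gate.handle("/docs/report.pdf", "203.0.113.5", sid))
```
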
This entry was posted on Monday, February 12th, 2007.



