Here is the definitive fix for Universal PDF XSS Vulnerability
The (in) famous Adobe Acrobat Reader Plugin Universal PDF XSS is the scariest vulnerability discovered this year because it can turn any pdf into an XSS attack vector.
Today Cyrill Brunschwiler released the definitive fix for it. His solution is based on a mechanism to sanitize the malicious pdf link by generating unique session IDs for each pdf request and later check that session id. Because one picture is worth 1000 words here is the schema : 
Many thanks to the Compass Security team for this.
Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.
Print This Post
Post Info
This entry was posted on Monday, February 12th, 2007 . Tagged with:You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.
Previous Post: Alarming WordPress Security Vulnerabilities »
Next Post: New issue of (IN)SECURE Magazine – Feb 2007 »
Read More
Related Reading:
Latest Posts:
- My Twitter Notes on 2010-07-25
- New NetWitness Visualize : Welcome To The Future!
- My Twitter Notes on 2010-07-18
- My Twitter Notes on 2010-07-11
- My Twitter Notes on 2010-06-27
- Qualys and Imperva Integration: Natural Evolution
- My Twitter Notes on 2010-06-20
- Pro CERT – First Romanian Commercial CERT
- GFI EventsManager 2010 Review
- My Twitter Notes on 2010-06-13
