Here is the definitive fix for Universal PDF XSS Vulnerability
The (in) famous Adobe Acrobat Reader Plugin Universal PDF XSS is the scariest vulnerability discovered this year because it can turn any pdf into an XSS attack vector.
Today Cyrill Brunschwiler released the definitive fix for it. His solution is based on a mechanism to sanitize the malicious pdf link by generating unique session IDs for each pdf request and later check that session id. Because one picture is worth 1000 words here is the schema : 
Many thanks to the Compass Security team for this.
Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.
Print This Post
Post Info
This entry was posted on Monday, February 12th, 2007 and is filed under Articles, Web Applications.You can follow any responses to this entry through the Comments Feed. You can Leave A Comment, or A Trackback.
Previous Post: Alarming WordPress Security Vulnerabilities »
Next Post: New issue of (IN)SECURE Magazine - Feb 2007 »
Read More
Related Reading:
Latest Posts:
- 8 mm Vulnerability Management Presentation
- Gemalto - Security To Be Free
- Free alternative to ArcSight ESM ? Hardly..
- Privacy Dilemma: How to Protect Yourself Online
- Solera Networks Deep-Packet Capture Review
- WordPress Exploit Scanner
- Phishing Exposed, Brands Secured
- Scanners: New Nessus Release; New eEye Web Scanner
- Good News from ArcSight and Imperva
- CCTV Security Camera and Surveillance Equipment
