Adobe Reader Open Parameters XSS
A feature called Open Parameters within older versions of the Adobe Reader browser plug-in can be corrupted with malicious content.
In a conference paper titled "Subverting Ajax," security researchers Stefano Di Paola and Giorgio Fedon identified multiple cross-site scripting (XSS) vulnerabilities. One flaw in particular, the open parameters vulnerability, is quite easy to execute on vulnerable versions of Adobe Reader. A malicious attack can be carried out by referencing any Web-based PDF file and supplying potentially malicious JavaScript code as an open parameter to any Web-based PDF file. For example
http://www.(domain name).com/file.pdf#whatever_name_you_want=javascript:your_code_here
The researchers contacted Adobe in October with their findings and only recently made their work public. Adobe has since released version 8 of Adobe Reader which no longer allows appended JavaScript within site URLs. However, many users continue to use older versions of the Adobe Reader plug-in and should update as soon as possible.
Additional Resources:
- Vendor Patch Information: Adobe Reader 8
- Wise Security: Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
- Gnucitizen: Danger, Danger, Danger