Acrobat flaw could spawn Web attacks

An error in the Web browser plug-in of Adobe Systems' tool lets cybercrooks co-opt the address of any Web site that hosts an Adobe PDF file for use in attacks, Symantec and VeriSign iDefense said. An attacker could construct seemingly trusted links and add malicious JavaScript code that will run once the link is clicked, they said.

For example, an attacker could find a PDF file on a bank Web site and then create a hostile link to that file along with malicious JavaScript, Ken Dunham, director of the Rapid Response Team at VeriSign iDefense, said in a statement. Acrobat flaw could spawn Web attacks | CNET

Linked by shanmuga Thursday, 4th January 2007 2:35AM