Universal PDF XSS

From OWASP
Jump to: navigation, search

Universal PDF XSS vulnerability is a problem with the Acrobat Reader plug-in that was discovered in late 2006 and which allows any PDF document (hence the word "Universal") to be used to execute arbitrary JavaScript code in the context of the web site hosting the PDF document.

More information can be found in Media:Protecting_Web_Applications_from_Universal_PDF_XSS.ppt.