Most Popular Stories
- One on One with Arpan Shah of Microsoft Sharepoint
- IBM will snag half of India's outsoucing work by 2010
- Vendors prepare for Obama's electronic medical records change
- Teen sends 14,528 text messages in a single month
- Coke uses RFID for drink dispensers
- Forrester report predicts web content management will grow in spite of economy
Events
- CTO Telecom Summit
Nov 8-11, 2009 — Four Seasons Resort – Scottsdale, AZ
Sponsored Links
Free Newsletter
Latest News
Popular Topics
Whitepapers
Adobe Reader bug allows access to user's local drive
You'll recall that yesterday, we reported on an Adobe Reader flaw that could allow a malicious PDF link to trigger a Universal Cross Site Scripting (UXSS) attack via plug-ins in Firefox and Opera. Well, it turns out that that bug may be far more critical than initially suspected. It has been discovered that by directing a PDF link to a PDF on the user's hard drive using a bit of JavaScript, a hacker could gain access to that local drive. "This means any JavaScript can access the user's local machine," said Billy Hoffman, lead engineer for SPI Dynamics. "Depending on the browser, this means the JavaScript can read the user's files, delete them, execute programs, send the contents to the attacker, et cetera." As we noted yesterday, Adobe Reader users are being advised to upgrade to version 8 until Adobe issues a patch for older versions.
ALSO: OpenOffice has patched a highly-critical flaw. Article
Related Stories
- Fix your worst PC nightmares
- How to: Customize iTunes
- How to: Watch XviD and DivX files on your Apple TV
- Firefox URL-handling bug re-emerges
- Mozilla: We'll patch flaws in 10 [expletive] days
- Ubuntu 7.10 Gutsy Gibbon released
- ALSO NOTED: Apple sells 1 million iPhones; Firefox reaches the 400 million downloads mark;
- Internet Explorer loses more market share
- Adobe releases critical bug fixes, new workarounds
- Adobe to release Reader fix this week
Comments
Post new comment
Home
| Subscribe | Advertise | RSS |
Privacy
| Site MapTHE FIERCEMARKETS NETWORKFierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceVoIP | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe© 2009 FierceMarkets, Inc. All rights reserved. |
![]() |







Click here to get the FierceCIO:TechWatch email newsletter for FREE!
Be the first to comment