vendor:
by: Stefano Di Paola
N/A
CVSS
N/A
Unsanitized Input in PDF Browser Plug-in
CWE
Product Name:
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
2007

Stefano Di Paola

Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in the context of an affected site.

Mitigation:

Unknown

Exploit-DB raw data:

# Stefano Di Paola
# http://www.wisec.it/

From Secunia:
Input passed to a hosted PDF file is not properly sanitised by the browser plug-in
before being returned to users. This can be exploited to execute arbitrary script code in
a user's browser session in context of an affected site.

Example:
- http://[host]/[filename].pdf#[some text]=javascript:[code]

# milw0rm.com [2007-01-05]
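
A link check for the URL shape shown above, as an added example that is not part of the original advisory. The fragment after `#` is never sent to the web server, so server access logs cannot show it; the check has to run where the full URL is visible, such as HTML or mail content passing a gateway. The function names, the sample markup and the host `files.example.test` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

_CTRL = re.compile(r"[\x00-\x20]+")

def _normalise(value):
    # Percent-decode twice, drop whitespace/control bytes and lowercase,
    # so encoded or mixed-case spellings of the scheme still compare equal.
    for _ in range(2):
        value = unquote(value)
    return _CTRL.sub("", value).lower()

def suspicious_pdf_fragment(url):
    """Names of fragment parameters carrying a javascript: URI on a .pdf URL."""
    parts = urlsplit(url)
    if not unquote(parts.path).lower().endswith(".pdf"):
        return []
    hits = []
    for pair in parts.fragment.split("&"):
        name, sep, value = pair.partition("=")
        if sep and _normalise(value).startswith("javascript:"):
            hits.append(name)
    return hits

class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        # href (a), src (iframe/embed) and data (object) can all load a PDF.
        self.urls += [v for k, v in attrs if k in ("href", "src", "data") and v]

def scan_html(markup):
    """Map each flagged URL found in the markup to its offending parameters."""
    collector = _LinkCollector()
    collector.feed(markup)
    flagged = {}
    for url in collector.urls:
        hits = suspicious_pdf_fragment(url)
        if hits:
            flagged[url] = hits
    return flagged

# Constructed sample input; files.example.test is a placeholder host.
SAMPLE_HTML = """
<a href="http://files.example.test/manual.pdf#page=4">manual</a>
<a href="http://files.example.test/report.pdf#x=javascript:void(0)">report</a>
<a href="http://files.example.test/REPORT.PDF#a=1&amp;b=JaVa%09Script%3Avoid(0)">r2</a>
<a href="http://files.example.test/notes.html#x=javascript:void(0)">notes</a>
"""
```

The check keys on a `.pdf` path, so PDFs served from URLs without that extension are outside what it covers.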