Adobe Reader Bugs

There are a number of bugs in the Adobe Acrobat Plug-In for browsers, and in the free Adobe Reader 6 and 7. A malicious website may be able to caryy out cross-site scripting attacks because the browser plug-in doesn't correctly validate URI parameters. US CERT says that it appears the bugs were fixed in Adobe Reader 8. Read their report at http://www.kb.cert.org/vuls/id/815960. Stefano Di Paola, Giorgio Fedon, and Elia Florio are credited with finding these bugs. UPDATE: Adobe now has a bulletin at http://www.adobe.com/support/security/advisories/apsa07-01.html.