Multiple Linux Vendor Xpdf Embedded URL Vulnerability

When a user clicks a URL, xpdf 0.90 and earlier starts the viewer (netscape by default) but does not properly handle shell meta characters, making it possible for to embed malicious code within PDF files.

As well, these versions create files in /tmp insecurely, raising the possibility of symbolic link attacks.


 

Privacy Statement
Copyright 2010, SecurityFocus