Important......Upgrade your Adobe Reader

…to Adobe Reader 8 …ASAP

A “Universal Cross-Site Scripting (UXSS)” vulnerability was recently reported in all Adobe Reader versions 7.x and prior.

It can be exploited via any web site hosting PDF files, and works in both Firefox and IE (containing the Adobe plugin) … For some reason IE7 didn’t get me those popups when I tested exploits… It’s very easy to exploit… here’s the simple universal format:

http://[host]/[path]/[filename].pdf#any_name_you_like=javascript:[evil-code]

There are tons of references I can put for this news, but here is one

A thread on the Full Disclosure
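A defender can look for the link format quoted in the post above in mail bodies, forum posts or proxy logs. The following is an added example, not part of the original thread: the function names, the normalisation steps and the sample text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Rough URL matcher for free text (mail bodies, forum posts, proxy logs).
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def _normalise(value):
    """Percent-decode a few rounds, then drop whitespace and control
    characters that could be used to hide the scheme, and lowercase."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"[\x00-\x20]", "", value).lower()


def is_suspicious_pdf_link(url):
    """True when a link to a .pdf carries a fragment parameter whose
    value starts with the javascript: scheme, as in the quoted format."""
    parts = urlsplit(url)
    if not unquote(parts.path).lower().endswith(".pdf"):
        return False
    if not parts.fragment:
        return False
    return "=javascript:" in _normalise(parts.fragment)


def find_suspicious_links(text):
    """Return every URL in text that matches the crafted PDF link shape."""
    return [u for u in URL_RE.findall(text) if is_suspicious_pdf_link(u)]


# Constructed sample input; hosts and paths are placeholders.
SAMPLE = """\
See http://files.example.test/docs/manual.pdf#page=3 for details.
Invoice: http://files.example.test/inv/2007-01.pdf#ref=JavaScript:alert(1)
Mirror: http://files.example.test/inv/2007-01.pdf#ref=java%0Ascript%3Aalert(1)
Not a PDF: http://files.example.test/index.html#x=javascript:alert(1)
"""

if __name__ == "__main__":
    for link in find_suspicious_links(SAMPLE):
        print("suspicious:", link)
```

The fragment after `#` is not sent to the web server, so this check belongs where the full link is visible (mail gateways, content filters, proxy or browser-side logs), not in server access logs.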

Re: Important…Upgrade your Adobe Reader

Some references:

FrSIRT: Site under construction

SANS: http://www.isc.sans.org/diary.php?storyid=1999

SecurityReason: http://securityreason.com/securityalert/2090

Re: Important......Upgrade your Adobe Reader

The reason I ask you to upgrade is because it's very EASY to exploit. And a lot can be done with it.

cheers

Re: Important......Upgrade your Adobe Reader

thanks Curious.. I second your appeal ...

Re: Important......Upgrade your Adobe Reader

Welcome Genius :)

BTW .... for those who don't know the IMPACT of what I have mentioned; here are a few:

1) XSS can be used to steal cookies, and eventually log in to your account, say your GS account.

2) The same flaw also allows CSRF (Cross Site Request Forgery) ..... its impact is, e.g. You are on eBay and opened a PDF there via a crafted link. This would allow an attacker to put the highest BID on your behalf using your eBay credentials. And you won't even know that. Somewhere I read, CSRF could be used to book airline seats without the victim's knowledge.

3) Another attack vector of the same flaw allows code execution ONLY if you are using Firefox. This may lead to a complete hack of the machine, opening of backdoors, installation of a keylogger etc.

good luck :)