The host is installed with Adobe Reader and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in Adobe Reader before 9.4.2, which is caused by improper validation of user-supplied input, when an unspecified parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. Successful exploitation allows attacker to steal the victim's cookie-based authentication credentials.