The host is installed with Adobe Reader and Acrobat and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fails to properly validate user-supplied input. An unspecified parameter in a specially-crafted URL could execute a script in a victim's Web browser within the security context of the hosting web site, once the URL is clicked. Successful exploitation allows attackers to steal victim's cookie-based authentication credentials.