Google docs network was vulnerable to PDF re purposing attacks. The vulnerability was disclosed to Google with a discretion. This is done to mitigate the risk . Google has worked over it and patched it with in a period of 5 days. The Google doc has been refined and support for adobe plugin is removed.

The user security is the prime issue because millions of user were at risk if this attack persisted in the open environment. Integrated accounts were more susceptible as certain credentials could be used to access other accounts.

Thanks to Google for considering the recommendation and changing the working behavior of specific components at risk.

The detailed advisory is released here:

[private]

http://www.secniche.org/gmd_hijack/gc_hijack.xhtml

PDF: http://www.secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf

[/private]