Tuesday, February 24, 2009

More on Adobe Reader 0-Day

Secunia is reporting that disabling JavaScript does not prevent exploitation of the Adobe Reader/Acrobat 0-Day Vulnerability:
"During our analysis, Secunia managed to create a reliable, fully working exploit (available for Secunia Binary Analysis customers), which does not use JavaScript and can therefore successfully compromise users, who may think they are safe because JavaScript support has been disabled.

All users of Adobe Reader/Acrobat should therefore show extreme caution when deciding which PDF files to open regardless of whether they have disabled JavaScript support or not. Hopefully, Adobe will be issuing patches very soon."
In addition to the caution advised by Secunia, it is still advisable to block JavaScript. This can be accomplished on Firefox with NoScript. In addition, WinPatrol users can block the ActiveX. Merely click on the ActiveX tab in WinPatrol, sort by company name to find the Adobe components. Then select the Acrobat reader and click on Disable.

Secunia: Adobe Reader/Acrobat 0-day Clarification

Via SansDiary at Adobe Acrobat pdf 0-day exploit, No JavaScript needed!

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: