'High risk' zero-day flaw haunts Adobe Acrobat, Reader
Gene Kim-Eng
techwr at genek.com
Wed Oct 24 10:16:24 MDT 2007
It's not possible to be sure without one of those POC PDFs,
but I think there's probably another fix. Go into the "Trust
Manager" in "Preferences," and for both trusted and Non-
trusted documents disable all the permissions, most
especially the "Allow documents to open other files and
launch other applications." This has been my default
setup for Acrobat for as far back as I can remember.
All of these security flaws are the result ot Adobe taking
a perfectly usable application for transmitting electronic
versions of printed documents and stuffing it full of gee-
whiz "user experience" bloatware. The more they
overthink the plumbing the easier it is to stop up the
works.
Gene Kim-Eng
----- Original Message -----
From: "Dan Goldstein" <DGoldstein at riverainmedical.com>
>A free security update to Adobe Reader 8.1.1 is now available at
> http://tinyurl.com/2p2g9r.
>
> Those of us with Adobe Acrobat 7 or earlier can choose between:
>
> * An expensive upgrade to Acrobat 8.1.1
> * Switching to a different PDF reader, such as Foxit.
> * The workaround previously published at http://tinyurl.com/2az4tz
> (you'll need to scroll down)
> * Absolutely, positively uninstalling IE 7
>
> Happy Wednesday!
More information about the TECHWR-L
mailing list