'High risk' zero-day flaw haunts Adobe Acrobat, Reader

[Jan Cohen]

And there's one more fix for those who aren't afraid to mess with their Registry.  I checked a little while ago and was exposed, followed the instructions that are available via the tinyurl mentioned below, and now feel absolutely safe and secure knowing that my machine won't be violated by the unscrupulous.

At least until the next security notice comes out.

jan cohen
www.theshininglamp.com

----- Original Message ----
From: Gene Kim-Eng <techwr at genek.com>
To: techwr-l at lists.techwr-l.com
Sent: Wednesday, October 24, 2007 12:16:24 PM
Subject: Re: 'High risk' zero-day flaw haunts Adobe Acrobat,  Reader


It's not possible to be sure without one of those POC PDFs,
but I think there's probably another fix.  Go into the "Trust
Manager" in "Preferences," and for both trusted and Non-
trusted documents disable all the permissions, most
especially the "Allow documents to open other files and
launch other applications."  This has been my default
setup for Acrobat for as far back as I can remember.

All of these security flaws are the result ot Adobe taking 
a perfectly usable application for transmitting electronic 
versions of printed documents and stuffing it full of gee-
whiz "user experience" bloatware.   The more they
overthink the plumbing the easier it is to stop up the
works.

Gene Kim-Eng

----- Original Message ----- 
From: "Dan Goldstein" <DGoldstein at riverainmedical.com>

>A free security update to Adobe Reader 8.1.1 is now available at
> http://tinyurl.com/2p2g9r.
> 
> Those of us with Adobe Acrobat 7 or earlier can choose between:
> 
> * An expensive upgrade to Acrobat 8.1.1
> * Switching to a different PDF reader, such as Foxit.
> * The workaround previously published at http://tinyurl.com/2az4tz
> (you'll need to scroll down)
> * Absolutely, positively uninstalling IE 7