Good afternoon, our company utilizes the PDFBox software and have been notified by our internal IT staff that there is a potential risk for programs developed with Java code, where they deserialize untrusted data without verifying the results first. Would anyone on this mailing list be able to advise as to whether this particular software is at risk.
Additional background about the vulnerability is available at the following web link: http://cwe.mitre.org/data/definitions/502.html Due to the nature of this particular risk our company is very concerned and appreciate any insight and assistance in determining this would be appreciated. If there are any questions or concerns please do not hesitate to contact me. Thank you, Dan Kiernan | IT System Analyst-Sr | CSS - Corporate Services | 515.991.4130 The Principal Financial Group(r) | Connect with Us on Twitter<http://www.twitter.com/theprincipal> | Facebook<http://www.facebook.com/PrincipalFinancial> | Blog<blog.principal.com> | LinkedIn<http://www.principal.com/linkedin> | YouTube<http://www.youtube.com/principalfinancial> -----Message Disclaimer----- This e-mail message is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply email to conn...@principal.com and delete or destroy all copies of the original message and attachments thereto. Email sent to or from the Principal Financial Group or any of its member companies may be retained as required by law or regulation. Nothing in this message is intended to constitute an Electronic signature for purposes of the Uniform Electronic Transactions Act (UETA) or the Electronic Signatures in Global and National Commerce Act ("E-Sign") unless a specific statement to the contrary is included in this message. If you no longer wish to receive any further solicitation from the Principal Financial Group you may unsubscribe at https://www.principal.com/do-not-contact-form any time. If you are a Canadian resident and no longer wish to receive commercial electronic messages you may unsubscribe at https://www.principal.com/do-not-email-request-canadian-residents any time.
