nick hatch wrote:
>
> On Sat, Feb 21, 2009 at 9:06 AM, John LaCour <[email protected]>
> wrote:
>
> And there's very little information about how to mitigate the
> attack without a patch.
>
> By disabling Javascript in the Reader, you can prevent the known
> attacks. The actual vuln isn't in Acrobat javascript - that's
> just leveraged for heap spraying.
>
> This workaround is utterly unfeasible for some businesses. At $dayjob,
> we have systems which autogenerate PDF forms, and it turns out they
> use javascript. I get the impression this is common.
>
> Adding insult to injury, the vendors which support these systems don't
> support Adobe 9 yet, so we're on 8. Adobe 8 gets its fix to "follow
> soon after" the March 11th date for Adobe 9.
>
> Our current mitigation strategy is begging our users to be safe. Ugh.

Not sure whether this helps, but Symantec mentions that "Enabling DEP
for Adobe Reader will also help prevent this type of attack."
https://forums.symantec.com/t5/blogs/blogarticlepage/blog-id/vulnerabilities_exploits/article-id/188

Regards,
Axel Pettinger
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
