More stuff concerning the PDF/JBIG issues: http://blogs.zdnet.com/security/?p=2668 (Has got some reg tweaks and such for disabling auto open in IE)
http://isc.sans.org/diary.html?storyid=5926 http://isc.sans.org/diary.html?storyid=5932 - Andy O. >-----Original Message----- >From: David Lum [mailto:[email protected]] >Sent: Tuesday, February 24, 2009 4:55 PM >To: NT System Admin Issues >Subject: RE: Adobe 0-day > >This just floated across the patch management list > >""During our analysis, Secunia managed to create a reliable, fully working >exploit (available for Secunia Binary Analysis customers), which does not >use JavaScript and can therefore successfully compromise users, who may >think they are safe because JavaScript support has been disabled." > >http://secunia.com/blog/44/ > >Comments? I do remember seeing the Jscript doesn't prevent it, just makes >engineering the exploit tougher. > >David Lum // SYSTEMS ENGINEER >NORTHWEST EVALUATION ASSOCIATION >(Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
