Hi,

Adobe's implementation of JavaScript in PDF documents, referred to as Acrobat JavaScript <http://www.adobe.com/devnet/acrobat/pdfs/Acro6JSGuide.pdf>, appears to have been originally introduced based on the popularity of PDF eForms. JavaScript allows for some dynamic behaviors in PDFs, including calculations, responses to user actions, user data validation, and the integration of other dynamic capabilities.
That said, for many users PDFs are simply a mechanism for providing documents to read. Given the spate of vulnerabilities identified in Acrobat and Reader in 2009, and the likely promise of more in 2010, an advisable approach, depending on your usage of these products, may be to disable JavaScript and only re-enable it when performing an activity with a PDF that requires JavaScript to be enabled, such as with an eForm. Adobe notes that disabling JavaScript mitigates the exploits identified this year that use JavaScript functions to cause a memory corruption, although in some cases it would be possible to create variants that do not rely on JavaScript.

To disable JavaScript in Adobe Reader or Acrobat: select Edit > Preferences, select the JavaScript option on the left, and uncheck the Enable Acrobat JavaScript option.

Original Post: Praetorian Prefect <http://praetorianprefect.com/archives/2009/12/disabling-javascript-on-adobe-acrobat/>

Regards
Suman

________________________________
From: Soi, Dhruv [mailto:[email protected]]
Sent: Thursday, January 07, 2010 1:23 AM
To: SUMAN SOURAV; [email protected]
Subject: RE: [Owasp-delhi] More attackers targeting Social Networking and software vendors sites

Forgot to state: I love Chinese. They negotiated with M$ to get the entire source code for the products and then found the ways to secure and insecure.

From: Soi, Dhruv [mailto:[email protected]]
Sent: 07 January 2010 01:18
To: 'SUMAN SOURAV'; '[email protected]'
Subject: RE: [Owasp-delhi] More attackers targeting Social Networking and software vendors sites

Appreciate your comments. Here is another detailed analysis if you would like to go for Adobe: http://extraexploit.blogspot.com/2009/12/adobe-cve-2009-4324-in-wild-0day-part_1766.html

I think their patch is still awaited, so leverage it, if this is indeed the case. Embedded objects shall remain a problem forever for MS/Adobe/Followers.
From: [email protected] [mailto:[email protected]] On Behalf Of SUMAN SOURAV
Sent: 06 January 2010 20:48
To: [email protected]
Subject: Re: [Owasp-delhi] More attackers targeting Social Networking and software vendors sites

Despite the fact that the majority of malware exploits use JavaScript to trigger an attack in Adobe's PDF Reader product, the company says it's impossible to completely remove JavaScript support without causing major compatibility problems.

Read the detail from http://threatpost.com/en_us/blogs/despite-danger-adobe-says-javascript-support-important-010410?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular

Regards
Suman

________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of Soi, Dhruv
Sent: Wednesday, January 06, 2010 3:49 PM
To: [email protected]
Subject: [Owasp-delhi] More attackers targeting Social Networking and software vendors sites

There has been a massive increase in targeted attacks in the last few months. Malware writers prefer to infect victims using vulnerabilities in Microsoft products and Adobe. There has been an increase in MS/Adobe 0-days that help malware hop from one machine to another with its payload, which most of the time reports to a botnet. Social networking websites like Twitter and Facebook are becoming a prime source for attackers to carry out targeted attacks.
Recently McAfee published a report on 2010 threat predictions: http://www.mcafee.com/us/local_content/white_papers/7985rpt_labs_threat_predict_1209_v2.pdf

Recently, we also found a similar mass attack using an MS Word vulnerability, and a detailed report has been published here: http://torridnetworks.com/index.php/case-studies/50-information-security/139-malware-analysis-report-for-a-targeted-attack-via-word-document-carried-out-against-few-sensitive-email-accounts-belonging-to-elite-customer-of-torrid.html

Also, many corporates are coming up with a social media policy for all their employees to follow while using social networking portals, which I think makes a lot of sense to protect the corporate from identity theft. Is there something similar happening at your organization as well?

Many Thanks,
Dhruv

E-mails from Sella Synergy India Private Ltd are sent in good faith but they are neither binding on the Sella Synergy India Private Ltd nor to be understood as creating any obligation on its part except where provided for in an agreement. This e-mail is confidential. If you have received it by mistake, please inform the sender by reply e-mail and delete it from your system. Please also note that the unauthorized disclosure or use of the message or any attachments could be an offence. Thank you for your cooperation.
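The thread above recommends keeping Acrobat JavaScript switched off and re-enabling it only for documents that genuinely need it, such as eForms. A practical companion to that policy is a quick triage of incoming PDFs for embedded script and for the actions that make script run as soon as the file opens. The script below is an added example written for this thread; it is not code from any of the posters, from Adobe, or from the linked articles. It relies on two facts about the PDF syntax: script is carried under the `/JS` and `/JavaScript` name tokens, and `/OpenAction` and `/AA` (additional actions) are the document-level hooks that fire an action automatically. It also decodes the `#xx` escape that the PDF name syntax permits, so a name written as `/J#53` is counted the same as `/JS`. The three sample PDFs are constructed inline for the example and are not real files from the thread.

```python
import re

# Name tokens worth flagging before a PDF reaches a user who has re-enabled
# JavaScript: /JS and /JavaScript carry script, /OpenAction and /AA are the
# hooks that make an action fire without the user clicking anything.
WATCH_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA")

# PDF names may spell any byte as #hh (e.g. /J#53 for /JS); decode before matching.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

# A name token ends at whitespace or at a PDF delimiter character.
_NAME_END = rb"(?=[\s/\[\]<>(){}%]|$)"


def normalize_names(data: bytes) -> bytes:
    """Decode #hh escapes so obfuscated name spellings compare equal to the plain form.

    This is applied to the whole byte string for simplicity; '#' is only an
    escape inside names, so a '#' inside a string literal would also be decoded.
    That is acceptable for a triage scanner that only counts name tokens.
    """
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def pdf_js_indicators(data: bytes) -> dict:
    """Count each watched name token in a PDF byte string.

    The token must be followed by a delimiter, so /JS is not counted inside a
    longer name and /AA is not counted inside /Action.
    """
    text = normalize_names(data)
    counts = {}
    for name in WATCH_NAMES:
        pattern = re.escape(name.encode("ascii")) + _NAME_END
        counts[name] = len(re.findall(pattern, text))
    return counts


def classify(data: bytes) -> str:
    """Return 'no-script', 'script', or 'script-autorun' for a PDF byte string.

    'script' means JavaScript is present but only reachable through user
    interaction (for example a form field), which is the eForm case the thread
    describes; 'script-autorun' means an automatic action is also declared.
    """
    c = pdf_js_indicators(data)
    has_script = c["/JS"] + c["/JavaScript"] > 0
    auto_fires = c["/OpenAction"] + c["/AA"] > 0
    if has_script and auto_fires:
        return "script-autorun"
    if has_script:
        return "script"
    return "no-script"


# Constructed sample documents (minimal object structure, no valid xref table).
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Script that fires on open, spelled plainly.
AUTORUN_JS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /JavaScript /JS (app.alert("constructed sample")) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# The same document with the name tokens hidden behind #hh escapes.
OBFUSCATED_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /Java#53cript /J#53 (app.alert("constructed sample")) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_PDF),
                          ("autorun", AUTORUN_JS_PDF),
                          ("obfuscated", OBFUSCATED_PDF)):
        print(f"{label:11s} {classify(sample):15s} {pdf_js_indicators(sample)}")
```

A plain substring search for `/JavaScript` would pass the third sample untouched, which is why the name normalization step matters more than the keyword list itself. A 'script' verdict on its own is not a reason to block a file; it is the signal to open it with JavaScript left disabled and to turn it on only if the form actually needs it.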
_______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi
