On Sun, 06 Jul 2003, David Corking wrote:
> On Wed, 02 Jul 2003, Chris Berry wrote:
> > > From: "Roger A. Grimes" <[EMAIL PROTECTED]>
> > > It won't load Flash, RealPlayer, Windows Media Player, or most other
> > > plug-ins or Helper Applications.
> >
> > Good, 95% of these have no legitimate business application anyways, and if
> > they do I can enable them for that user.
>
> The Acrobat Reader plug-in is considered by IE to be an ActiveX
> control. This is where I have to say yes when prompted.
>
> I have heard of the potential of malicious pdf files - but I have not
> heard a specific example. Other security-basics readers know of any?

I need to answer my own question - I forgot about this (snipped from
lwn.net June 26). Of course this is not an exploit of Adobe Acrobat
Reader, but that this exists in another browser's interface to another
PDF viewer pretty much negates my point. Presumably IDS of various types
become the only defence from as yet undiscovered attacks, if you don't
want to ban PDF.

kde: arbitrary code execution

Package(s): kde
CVE #(s):   CAN-2003-0204
Created:    April 10, 2003
Updated:    June 30, 2003

Description:
The KDE Security team has issued an advisory on a vulnerability present
in all versions of KDE that allows a remote attacker to execute arbitrary
commands under your account. KDE 3.0.5b and KDE 3.1.1a have been released
to address this problem. For KDE 2.2.2, patches to the KDE 2.2.2 sources
have been made available.

KDE uses Ghostscript software for processing of PostScript (PS) and PDF
files in a way that allows for the execution of arbitrary commands that
can be contained in such files. An attacker can prepare a malicious
PostScript or PDF file which will provide the attacker with access to the
victim's account and privileges when the victim opens this malicious file
for viewing or when the victim browses a directory containing such a
malicious file and has file previews enabled. An attacker can provide
malicious files remotely to a victim in an e-mail, as part of a webpage,
via an ftp server and possibly other means.
Alerts:
Conectiva  CLA-2003:668          2003-06-30
Red Hat    RHSA-2003:002-01      2003-05-12
Debian     DSA-296-1             2003-04-30
Mandrake   MDKSA-2003:049-1      2003-04-24
SuSE       SuSE-SA:2003:0026     2003-04-24
Debian     DSA-293-1             2003-04-23
Slackware  sl-1050682024         2003-04-18
Mandrake   MDKSA-2003:049        2003-04-17
Sorcerer   SORCERER2003-04-12    2003-04-12
Debian     DSA-284-1             2003-04-12
Gentoo     200304-05             2003-04-11
Gentoo     200304-04             2003-04-10
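Added example, not part of the thread or of the LWN entry: a small Python pre-screen in the spirit of the IDS defence David mentions, flagging the PostScript operators and the pipe device that Ghostscript restricts only when it is run with -dSAFER (the unrestricted invocation is what the KDE entry describes). The token list is my assumption about what is worth flagging and is not exhaustive; both sample documents are constructed.

```python
import re

# Tokens that an unrestricted Ghostscript (run without -dSAFER) lets a document
# use to reach the file system or start a process. The list is an assumption
# for this pre-screen, not Ghostscript's own definition of what -dSAFER blocks.
PIPE_RE = re.compile(rb"%pipe%")   # only meaningful inside a (...) string
OP_RE = re.compile(rb"(?<![A-Za-z])(deletefile|renamefile|run|OutputFile)(?![A-Za-z])")

def mask(data: bytes) -> tuple[bytes, bytes]:
    """Return (code, text) copies of data that keep byte offsets: `text` has
    comments ('%' to end of line, outside strings) blanked; `code` also has
    string bodies blanked, so an operator name quoted in text does not match."""
    code, text = bytearray(data), bytearray(data)
    depth, i, n = 0, 0, len(data)
    while i < n:
        c = data[i]
        if depth > 0:                               # inside a (...) string
            if c == 0x5C and i + 1 < n:             # backslash escape
                code[i] = code[i + 1] = 0x20
                i += 2
                continue
            depth += (c == 0x28) - (c == 0x29)      # nested parentheses
            if depth > 0:
                code[i] = 0x20                      # blank body, keep the ")"
        elif c == 0x28:
            depth = 1
        elif c == 0x25:                             # '%' starts a comment
            while i < n and data[i] not in b"\r\n":
                code[i] = text[i] = 0x20
                i += 1
            continue
        i += 1
    return bytes(code), bytes(text)

def scan(data: bytes) -> list[tuple[int, str]]:
    """Return (offset, token) for each risky token found, in file order."""
    code, text = mask(data)
    hits = [(m.start(), "%pipe%") for m in PIPE_RE.finditer(text)]
    hits += [(m.start(), m.group(1).decode()) for m in OP_RE.finditer(code)]
    return sorted(hits)

# Constructed samples, not real documents. The second names the pipe device
# with no command after it and deletes a placeholder path.
BENIGN_PS = (b"%!PS-Adobe-2.0\n%%Title: run of the mill (deletefile in a comment)\n"
             b"/Helvetica findfont 12 scalefont setfont\n"
             b"72 720 moveto (Please run the report) show showpage\n")
RISKY_PS = (b"%!PS-Adobe-2.0\n(%pipe%) (w) file closefile\n"
            b"(/tmp/placeholder) deletefile showpage\n")

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_PS), ("risky", RISKY_PS)):
        print(name, scan(doc))
```

PDF content streams are normally Flate-compressed, so inflate them before running this over a PDF. A static screen like this supplements invoking gs with -dSAFER; it does not replace it.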