Adobe Acrobat JavaScript Execution Bug is a Huge Security Issue

by Nitesh Dhanjani

The Adobe JavaScript execution bug recently discovered is a huge security issue for any organization that serves PDF files via its web servers.

6 Comments


2007-01-04 13:59:14
"...so try Firefox for best results", wouldn't that be "worst results"? :)
nitesh
2007-01-04 14:07:16
Anonymous: yes indeed :-D
darron
2007-01-04 18:09:46
What about forcing the PDF to download? Kind of like this?
John Dowdell
2007-01-04 22:28:12
Hi, if you've updated to last autumn's free Adobe Reader 8, then you're already protected. Updaters for those who must use older versions are expected next week, and they will not pass in-URL JavaScript to browsers which might confuse the domains. Best info in this Adobe Security Advisory:
http://www.adobe.com/support/security/alertus.html


tx, jd/adobe

John Dowdell
2007-01-04 22:29:13
ack, my error sorry, Security Advisory actually here:
http://www.adobe.com/support/security/advisories/apsa07-01.html


jd/adobe

Steven
2007-01-16 15:54:00
Hi,


BTW: To improve Adobe Reader security, users should in my opinion also disable the JavaScript support of Adobe Reader.


Regards,
Steven