Adobe PDF Reader zero-day vulnerability

Discuss whatever you like here! ( ...that's not spam!)

Moderators: Support Staff², Support Staff, AvantGuard, Developer

Post Reply
mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: 10
Avant Version: 2015 Ultimate Build 28
Default engine: Gecko (Firefox)
IE Version: 10
Skin: Monai XP
Location: Grass Valley, CA

Adobe PDF Reader zero-day vulnerability

Post by mbrazil » Fri Feb 15, 2013 6:52 pm

Adobe investigates PDF Reader zero-day vulnerability reports

Adobe's security team has said that it is investigating reports of a brand new zero-day vulnerability affecting its Adobe Reader and Acrobat XI (11.0.1) products.

Adobe's original bulletin listed only Windows and Macintosh as vulnerable platforms. Linux was then added to the list.

http://nakedsecurity.sophos.com/2013/02 ... -zero-day/

No patch yet for Adobe PDF exploits - Adobe suggests a workaround

http://nakedsecurity.sophos.com/2013/02 ... 2Bsecurity

How about this for a workaround? Don't use Adobe Reader! There are plenty of good alternatives available.

darth
AvantGuard
AvantGuard
Posts: 970
Joined: Mon Jun 11, 2007 9:16 pm
Windows Version: Windows 7
Avant Version: Avant 11_0 Build 46
Default engine: trident
IE Version: 10
Skin: default

Re: Adobe PDF Reader zero-day vulnerability

Post by darth » Sun Feb 17, 2013 3:58 pm

Thanks Mike for info Adobe Reader is having(sorry). Have not used it in quite a few years.

Been usinf Foxit Reader(free) for quite some time. It amazes me the info javascript knows and can find out your machine.

I kept my sample HTML/Javascript training sites iin a folder. My brosers IE8, Firefox and XP safari can open these sites and each one
can reveal to me my machine resolution. That is with very simple javascript code.

What else does javascript lnow about my machine I wonder?
Dell Precision 360 Work Staton XP 32/64 bits

mbrazil
AvantGuard
AvantGuard
Posts: 1966
Joined: Tue Jul 26, 2005 10:04 pm
Windows Version: 10
Avant Version: 2015 Ultimate Build 28
Default engine: Gecko (Firefox)
IE Version: 10
Skin: Monai XP
Location: Grass Valley, CA

Re: Adobe PDF Reader zero-day vulnerability

Post by mbrazil » Mon Feb 18, 2013 3:12 am

I can understand why a site would be coded to query your machine for display resolution.

I'm not a web developer or a programmer, but since javascript running in your browser is a programming-language interpreter, I imagine javascript code on a web site could find out pretty much anything about machines attempting to load web pages, as long as your operating system or other software running on your computer isn't set to protect the information it's seeking or to block javascript altogether.

I imagine that you could find information regarding what javascript is capable of finding out about your PC on google, wikipedia, etc.

My favorite (free) .PDF reader is PDF-XChange, but there are plenty of them available.

Post Reply