Page 1 of 1

Adobe PDF Reader zero-day vulnerability

Posted: Fri Feb 15, 2013 6:52 pm
by mbrazil
Adobe investigates PDF Reader zero-day vulnerability reports

Adobe's security team has said that it is investigating reports of a brand new zero-day vulnerability affecting its Adobe Reader and Acrobat XI (11.0.1) products.

Adobe's original bulletin listed only Windows and Macintosh as vulnerable platforms. Linux was then added to the list. ... -zero-day/

No patch yet for Adobe PDF exploits - Adobe suggests a workaround ... 2Bsecurity

How about this for a workaround? Don't use Adobe Reader! There are plenty of good alternatives available.

Re: Adobe PDF Reader zero-day vulnerability

Posted: Sun Feb 17, 2013 3:58 pm
by darth
Thanks Mike for info Adobe Reader is having(sorry). Have not used it in quite a few years.

Been usinf Foxit Reader(free) for quite some time. It amazes me the info javascript knows and can find out your machine.

I kept my sample HTML/Javascript training sites iin a folder. My brosers IE8, Firefox and XP safari can open these sites and each one
can reveal to me my machine resolution. That is with very simple javascript code.

What else does javascript lnow about my machine I wonder?

Re: Adobe PDF Reader zero-day vulnerability

Posted: Mon Feb 18, 2013 3:12 am
by mbrazil
I can understand why a site would be coded to query your machine for display resolution.

I'm not a web developer or a programmer, but since javascript running in your browser is a programming-language interpreter, I imagine javascript code on a web site could find out pretty much anything about machines attempting to load web pages, as long as your operating system or other software running on your computer isn't set to protect the information it's seeking or to block javascript altogether.

I imagine that you could find information regarding what javascript is capable of finding out about your PC on google, wikipedia, etc.

My favorite (free) .PDF reader is PDF-XChange, but there are plenty of them available.