Wednesday, February 25, 2009

Adobe Vulnerabilty More Info and Mitigations: article 200904

Yesterday I wrote about the Adobe flaw and reviewing my post realized I did not mention that another step to help mitigate this vulnerability is to use an alternative PDF reader that is offered free by Foxit Software . ZD Net posted an article today that pretty much bashes on Adobe but if get past that down towards the end of the Secunia (who has a great free tool I will write about in a future post) announced it was able to perform the exploit without the use of Java. If this is true then some the mitigations proposed by Adobe may not be affective.

In an isolated environment I too created a malicious PDF with exploit code found on Milw0rm and disabled both the Javascript and open in Internet explorer and it still crashed my Adobe reader program while Foxit opened just fine.

There is also a link that points to information that gives you a URL to an actual malicious PDF. I am going to stop "blogging" now and am going to reset my environment and try it next.

No comments:

Post a Comment