Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Adobe launch issue response/work around.

Published: 2010-04-09
Last Updated: 2010-04-09 02:16:25 UTC
by Mark Hofman (Version: 1)
3 comment(s)

 Late last month Didier discussed a POC relating to the /launch functionality in PDF files (http://isc.sans.org/diary.html?storyid=8545)

Adobe published a reply and a work around for this on their blog pages (http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html)

The article shows a few default settings that can be changed and a registry modification to reduce the risk of this type of attack.  Adobe is examining the issue and are deciding what to do.  They may make a fix available as part of their quarterly updates to the product.

Mark 

Keywords: Adobe launch
3 comment(s)
Diary Archives