Last Updated: 2010-04-09 02:16:25 UTC
by Mark Hofman (Version: 1)
Late last month Didier discussed a POC relating to the /launch functionality in PDF files (http://isc.sans.org/diary.html?storyid=8545)
Adobe published a reply and a work around for this on their blog pages (http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html)
The article shows a few default settings that can be changed and a registry modification to reduce the risk of this type of attack. Adobe is examining the issue and are deciding what to do. They may make a fix available as part of their quarterly updates to the product.