Comments on: Secure yourself from the recent PDF exploits by disabling JavaScript

By: Zero-Day Malware Drops Payloads Signed with a Forged Microsoft Certificate « Webroot Threat Blog

Wed, 16 Dec 2009 01:02:49 +0000

[...] the meantime, until Adobe issues updates for Acrobat and/or Reader, you may wish to follow these instructions to disable Javascript within those [...]

By: Sean

Sean — Tue, 15 Dec 2009 15:58:24 +0000

Thanks for the registry file and for including all current versions, I use PolicyMaker here and this makes it really simple to push the registry updates. Adobe’s security on this javascript stuff is just cheesecloth. Why we need yet another webpage when actually we need a secure way of passing documents eludes me at the moment.

By: Bryan Migliorisi

Bryan Migliorisi — Fri, 01 May 2009 03:34:16 +0000

@leftystrat Thanks You can also try FoxIt which is another free PDF reader for Windows.

http://www.foxitsoftware.com/pdf/reader/

By: leftystrat

leftystrat — Fri, 24 Apr 2009 22:29:23 +0000

I read yesterday that people are starting to recommend using alternatives to Acrobat. I avoid Adobe wherever possible personally but get stuck with it sometimes at work. Sumatra is a free reader app for Windows that works quite well (and doesn’t phone home). Linux generally comes with its own.

It has been my experience that very little good comes from javascript in a browser. Now I have to worry about it in Acrobat too.

Bravo on the GPO/registry file!

By: Bryan Migliorisi

Bryan Migliorisi — Mon, 23 Feb 2009 21:20:39 +0000

@Blood

Thanks. Unfortunately, in many environments where you manage more than a few machines, its very difficult to know which versions of any software is installed. Plus, its good measure to lock things down preemptively.

By: Blood

Blood — Mon, 23 Feb 2009 21:13:54 +0000

So long as your copy is up-to-date you should be OK

http://www.avertlabs.com/research/blog/index.php/2008/02/11/another-adobe-pdf-exploit-in-the-wild/