Educause Security Discussion mailing list archives
Re: Disable Adobe Reader javascript?
From: Vincent Stoffer <vince () REED EDU>
Date: Wed, 29 Apr 2009 09:29:46 -0700
Hi Gary,

Seems like a pretty sound policy to me. I've also been disabling javascript in Adobe Reader for a while and other than some annoying warnings, haven't seen any problems with actually viewing documents.

It is worth noting that the Secunia team posted a report that one of the more recent Adobe exploits (0-day from February) was still exploitable with javascript disabled before it was patched...so don't view the disabling of javascript as a cure-all for Adobe vulnerabilities.

http://secunia.com/blog/44/

Vince

* Gary Flynn <flynngn () JMU EDU> [090429 09:12]:
> Anyone ever heard of problems after disabling javascript in Adobe Reader or know of it commonly being used?
>
> We're considering pushing it as policy to managed workstations due to the frequency of security defects discovered and exploited in Adobe Reader. Two zero days since the beginning of the year.
>
> I've had it disabled for over a year and I've never had a known problem. Or maybe I just missed out seeing the dancing bears without knowing it.
>
> http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
>
> --
> Gary Flynn
> Security Engineer
> James Madison University
> www.jmu.edu/computing/security
--
Vincent Stoffer
Network Security Administrator
Reed College
Portland, Oregon
vince () reed edu
503-788-6695