Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Disable Adobe Reader javascript?

From: Vincent Stoffer <vince () REED EDU>
Date: Wed, 29 Apr 2009 09:29:46 -0700
Hi Gary,

Seems like a pretty sound policy to me.  I've also been disabling
javascript in Adobe Reader for a while and other than some annoying
warnings, haven't seen any problems with actually viewing documents.  It
is worth noting that the Secunia team posted a report that one of the
more recent Adobe exploits (0-day from February) was still exploitable
with javascript disabled before it was patched...so don't view the
disabling of javascript as a cure-all for Adobe vulnerabilities.

http://secunia.com/blog/44/

Vince


* Gary Flynn <flynngn () JMU EDU> [090429 09:12]:

Anyone ever heard of problems after disabling javacript
in Adobe Reader or know of it commonly being used?
We're considering pushing it as policy to managed
workstations due to the frequency of security defects
discovered and exploited in Adobe Reader. Two zero
days since the beginning of the year.

I've had it disabled for over a year and I've never
had a known problem. Or maybe I just missed out seeing
the dancing bears without knowing it.

http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security




--
__   ___ _ __   ___ ___
\ \ / / | '_ \ / __/ _ \   Vincent Stoffer   Network Security Administrator
 \ V /| | | | | (_|  __/   Reed College      Portland, Oregon
  \_/ |_|_| |_|\___\___|   vince () reed edu    503-788-6695
Previous By Date Next
Previous By Thread Next

Current thread: