Educause Security Discussion mailing list archives

Re: Disable Adobe Reader javascript?


From: "Irish, Adrian L" <Adrian.Irish () MSO UMT EDU>
Date: Wed, 29 Apr 2009 11:30:37 -0600

An additional tidbit related to this topic.  I have both Reader and the full version of Acrobat (version 8) installed, 
with JavaScript disabled in both.  Reader behaves as expected, but when I open pdf files in Acrobat, it throws up the 
message that "this pdf contains JavaScript...", for every single pdf file, even though I don't believe these files have 
any JavaScript in them; and, it does this not once, but twice.  Since I don't use Acrobat very often, it's not a big 
deal, but if someone used it regularly, that would be a significant annoyance.

Adrian Irish
IT Security Officer
The University of Montana
SS 126D
Missoula, MT 59812
(406) 243-6375
 
adrian.irish () umontana edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eric C. Lukens
Sent: Wednesday, April 29, 2009 10:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Disable Adobe Reader javascript?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have never run into a PDF file that needed javascript either.  Be
careful, if users do encounter a PDF file using JS, they'll likely be
prompted to turn JS back on.  If desired, I have a HKCU registry file
that can be imported (via whatever login scripting technique you use)
to disable JS and a Group Policy template (adm) to do the same.  Just
email me and I'll send them to you.

- -Eric

- -------- Original Message  --------
Subject: [SECURITY] Disable Adobe Reader javascript?
From: Gary Flynn <flynngn () JMU EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Date: 4/29/09 11:11 AM
Anyone ever heard of problems after disabling javascript
in Adobe Reader or know of it commonly being used?
We're considering pushing it as policy to managed
workstations due to the frequency of security defects
discovered and exploited in Adobe Reader. Two zero
days since the beginning of the year.

I've had it disabled for over a year and I've never
had a known problem. Or maybe I just missed out seeing
the dancing bears without knowing it.


http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html



- --
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
ITS-Network Services
Curris Business Building 15
University of Northern Iowa
Cedar Falls, IA 50614-0121
319-273-7434


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkn4gUYACgkQN+w4PqsMNp1LwgCfX/WP3ltunbFEkyN4YpdXA+E0
5zgAn2qHH1kuepYR0/nKHps755w19ZGC
=tWlU
-----END PGP SIGNATURE-----
