PaulDotCom mailing list archives
Adobe PDF Javascript
From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Wed, 23 Dec 2009 11:39:31 -0500
Thanks Tim. We, like many others, have been struggling with making sure that JavaScript is disabled in Reader/Acrobat. We push out the registry changes via GP and have educated end-users to not turn it on but I do realize that if prompted as you described that the end user could simply re-enable it. Does anyone know if there is a way to prevent the end user from re-enabling JavaScript (maybe changing the permissions on the registry key?). It appears (unless I read it wrong) that this blacklisting tool works on a case-by-case basis and will not universally disable JavaScript. Thank you and Happy Holidays! Jody -----Original Message----- From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Tim Mugherini Sent: Wednesday, December 23, 2009 8:12 AM To: PaulDotCom Security Weekly Mailing List Subject: [Pauldotcom] Adobe PDF Javascript Hello All, I know EP 180 hasn't been released on audio yet (so I have not listened) but I noted Larry's show note on my SANS mailing list post regarding disabling javascript in Adobe Acrobat/Reader. While you can disable javascript via .reg or adm it will still warn the user when opening a .pdf with javascript in it and give them the option to re-enable js. What I did not know until today is Adobe implemented the JavaScript Blacklist Framework back in October with their latest and greatest versions of Reader/Acrobat 8 & 9. This is useful for blocking specific attacks (like the current 0 day) via .reg or adm. No menu option exists from what I can find. More info can be found here http://kb2.adobe.com/cps/532/cpsid_53237.html http://kb2.adobe.com/cps/504/cpsid_50431.html Still think someone need to take one of those Clue By Four's and smack Adobe with it. Happy Holidays! Tim (bugbear) _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Adobe PDF Javascript Tim Mugherini (Dec 23)
- Adobe PDF Javascript Jody & Jennifer McCluggage (Dec 23)
- Adobe PDF Javascript Tim Mugherini (Dec 23)
- Adobe PDF Javascript Jody & Jennifer McCluggage (Dec 23)