ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Acrobat bug can lead to malware installs without even opening an infected file

<< < (4/7) > >>

tomos:
...
Bonus: it also allows you to convert pages to PDF, preserving links.
-app103 (March 09, 2009, 02:43 PM)
--- End quote ---
and a very nice bonus with that, thanks :)

Deozaan:
Yeah, I came upon this yesterday when looking for a plug-in to enable viewing pdfs within Firefox (ie to enable me to use PDF Converter Pro to view pdfs within Firefox...). However, I decided not to download it because I don't mind having pdfs open in an external viewer.

FWIW, I'm always asked what I want to do with pdfs (open with PDF Converter or save), so am not sure what additional benefit PDF Download will give me?-Darwin (March 09, 2009, 03:45 PM)
--- End quote ---

I prefer PDFs to open in an external viewer. But Acrobat integrates in IE and Firefox and I absolutely HATE it when PDF files display in my browser. So I've been using PDF Download for a while to 1) try to view the PDF as HTML inside the browser and/or 2) force the browser to download the PDF to launch in an external viewer.

But now that I've uninstalled Acrobat and installed Foxit Reader, that doesn't seem to be an issue anymore. :Thmbsup:

Darwin:
Ha, ha! Always a silver lining, eh? Not unlike my "Eureka" moment when I realized that I don't acutally *need* a separate pdf viewer after I uninstalled Acrobat Reader  :Thmbsup:

xtabber:
FWIW, Foxit Reader 2.3 and 3.0 had the same security flaw (JBIG2 Trigger) as Adobe Reader, so replacing AR with FR did not remove the threat. Foxit released a patch today (http://www.foxitsoftware.com/pdf/reader/security.htm ), while Adobe is still saying that theirs will be released on Wednesday.

I recall reading somewhere that one could protect against this particular exploit by disabling Javascript in Adobe Reader, but I don't know if that is in fact true.

f0dder:
Hm. JBIG2 - fax image compression stuff? If that's what's exploited, I very much doubt disabling javascript is going to protect you. Unfortunate that foxit also has (had) the flaw, I guess foxit and adobe are using the same library for handling the image compression?

At least foxit shouldn't be just as exploitable as AR though, since it's AR that installs the explorer content filter thingamajig :)

Thanks for bringing this to our attention, xtabber!

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version