Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 09, 2016, 01:53:28 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Yet another 0-day pdf exploit in the wild  (Read 5656 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Yet another 0-day pdf exploit in the wild
« on: December 16, 2009, 02:30:29 AM »
Yet another 0-day pdf exploit in the wild
http://community.ca....day-in-the-wild.aspx

that post tells you how to disable pdf rendering inside your browser from automatically happening.

i think that one of the worst ideas in the history of computing was letting adobe pdf render by default in the browser panel.. it's one of the more consistently exploited vulnerabilities.

no one should have pdf rendering in the browser on by default.  someone needs to make a page dedicated to helping people test if they do, and walking them through the process of disabling it if they do.  such a website would make a great little NANY project by the way.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #1 on: December 16, 2009, 09:54:12 AM »
Yeah, it's a big mistake... I've always hated any kind of in-browser document handling anyway.
- carpe noctem

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #2 on: December 17, 2009, 09:09:40 AM »
I always wondered what's the point in having a browser plugin for Acrobat, since the standalone program launches as fast and has the same exact functionality :-\

And if I were Adobe, I would ship next major version of Acrobat with JavaScript disabled. If a PDF really needs such function, the program usually warns you, so...

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #3 on: December 17, 2009, 09:10:40 AM »
And if I were Adobe, I would ship next major version of Acrobat with JavaScript disabled. If a PDF really needs such function, the program usually warns you, so...
Doing so would be admitting defeat, though - probably not something they want to do :)
- carpe noctem

rxantos

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 116
    • View Profile
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #4 on: December 23, 2009, 07:05:07 AM »
More important. Why is the rendering inside the browser on by default. Adobe should add a section on their installer saying. "Do you want to enanos browser support?" and have the default set to no.

Besides the pluggin is incredible fat on resources. I found that the reader loads a lot faster.

OldElmerFudd

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 181
  • Bite-sized trouble
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #5 on: December 23, 2009, 12:02:46 PM »
Do all readers open in browsers like Adobe? Even my favorite, PDF-XChange does. At least it's faster and lighter on resources.
 :tellme:
Always code as if the guy who ends up maintaining your code is a violent psychopath and knows where you live.

ajp

  • Participant
  • Joined in 2006
  • *
  • Posts: 22
    • View Profile
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #6 on: December 23, 2009, 08:37:11 PM »
for PDF-XChange (my favorite, too!)
File > Preferences > File associations > Make PDF-XChange the Default PDF Viewer > Display PDF in Browser [ ] (uncheck)
Should do the trick.

I haven't installed Adobe Reader in ages. First, I stuck to version 7, then I switched to Foxit, and now it's PDF-XChange. Never looking back, I guess. And I've always hated when they get embeded on my browser window.

erikts

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 152
    • View Profile
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #7 on: December 24, 2009, 12:33:35 AM »
I use PDF-Xchange Viewer and when I inspect the preference (Edit|Preferences|File Associations), Display PDF in Browser is unchecked by default.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,721
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #8 on: December 25, 2009, 01:52:48 AM »
What does 0-day mean?


f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #9 on: December 25, 2009, 06:26:24 AM »
What does 0-day mean?
"Breaking news".

In the exploit world, it's stuff that isn't generally known yet, and thus hasn't been patched by the vendor(s).
- carpe noctem

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Yet another 0-day pdf exploit in the wild
« Reply #10 on: January 06, 2010, 04:19:29 PM »
Adobe Reader vuln hit with unusually advanced attack

Finally, maybe Adobe will finally get some bad press and we'll get non-shitty code in our PDF readers...however unlikely...

Ehtyar.