Main Area and Open Discussion > Living Room

Yet another 0-day pdf exploit in the wild

(1/3) > >>

mouser:
Yet another 0-day pdf exploit in the wild
http://community.ca.com/blogs/securityadvisor/archive/2009/12/15/adobe-pdf-0-day-in-the-wild.aspx

that post tells you how to disable pdf rendering inside your browser from automatically happening.

i think that one of the worst ideas in the history of computing was letting adobe pdf render by default in the browser panel.. it's one of the more consistently exploited vulnerabilities.

no one should have pdf rendering in the browser on by default.  someone needs to make a page dedicated to helping people test if they do, and walking them through the process of disabling it if they do.  such a website would make a great little NANY project by the way.

f0dder:
Yeah, it's a big mistake... I've always hated any kind of in-browser document handling anyway.

Lashiec:
I always wondered what's the point in having a browser plugin for Acrobat, since the standalone program launches as fast and has the same exact functionality :-\

And if I were Adobe, I would ship next major version of Acrobat with JavaScript disabled. If a PDF really needs such function, the program usually warns you, so...

f0dder:
And if I were Adobe, I would ship next major version of Acrobat with JavaScript disabled. If a PDF really needs such function, the program usually warns you, so...
-Lashiec (December 17, 2009, 09:09 AM)
--- End quote ---
Doing so would be admitting defeat, though - probably not something they want to do :)

rxantos:
More important. Why is the rendering inside the browser on by default. Adobe should add a section on their installer saying. "Do you want to enanos browser support?" and have the default set to no.

Besides the pluggin is incredible fat on resources. I found that the reader loads a lot faster.

Navigation

[0] Message Index

[#] Next page