By default, yes, Adobe renders PDF with JavaScript, which allows both good and evil JavaScript to execute. As we all know the various flaws in Adobe, this definitely leads to an attack vector which has been exploited time and time again.
But seriously I still see Java as the bigger threat, and as others have said it will continue to be this for years to come.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

-----Original Message-----
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Tuesday, January 15, 2013 6:30 PM
To: NT System Admin Issues
Subject: Re: FoxIT reader vulnerability

Doesn't Adobe (and possibly other PDF viewers) include PDF rendering with javascript now?

I just want a "dumb" .pdf reader. Is it just me?

--Matt Ross
Ephrata School District

----- Original Message -----
From: Ben Scott [mailto:mailvor...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Tue, 15 Jan 2013 14:46:31 -0800
Subject: Re: FoxIT reader vulnerability

> On Fri, Jan 11, 2013 at 10:50 AM, Richard McClary
> <richard.mccl...@aspca.org> wrote:
> > http://www.theregister.co.uk/2013/01/11/foxit_pdf_plugin_vuln/
> >
> > Just now checked the FoxIT web site. The currently offered version
> > is 5.4.4.1128, which the article mentions as being vulnerable (as
> > are older versions).
> >
> > May end up having to use Adobe anyway…
>
> I strongly suspect FoxIt licenses at least their core code from
> Adobe. Many features and vulnerabilities seem to track on a
> one-to-one basis.
>
> FoxIt is a lot more lightweight, though, so it prolly has a smaller
> attack surface overall. It may be they just don't include all the
> bloat that Adobe does.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin