This just floated across the patch management list ""During our analysis, Secunia managed to create a reliable, fully working exploit (available for Secunia Binary Analysis customers), which does not use JavaScript and can therefore successfully compromise users, who may think they are safe because JavaScript support has been disabled."
http://secunia.com/blog/44/ Comments? I do remember seeing the Jscript doesn't prevent it, just makes engineering the exploit tougher. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -----Original Message----- From: Thomas Gonzalez [mailto:tgonza...@girlscouts-swtx.org] Sent: Monday, February 23, 2009 10:23 AM To: NT System Admin Issues Subject: RE: Adobe 0-day Haaaa...disregard...forgot to set the action to uncheck fully manageable. DOH Thomas -----Original Message----- From: Thomas Gonzalez Sent: Monday, February 23, 2009 12:20 PM To: NT System Admin Issues Subject: RE: Adobe 0-day Carl, i did a copy a paste into notepad and saved as adobe.adm and imported and yea...i received the template but not settings...stumped -----Original Message----- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Monday, February 23, 2009 11:51 AM To: NT System Admin Issues Subject: RE: Adobe 0-day Anytime you say "I read this morning" you're supposed to provide the URL to that reading. And did you read the .ADM file I've referenced, where you'll notice it addresses a bunch of different versions? Somebody went to a lot of trouble needlessly to cover older versions if it doesn't work with pre-9 versions. Carl -----Original Message----- From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Monday, February 23, 2009 10:46 AM To: NT System Admin Issues Subject: RE: Adobe 0-day Not real sure about the file you're using, but I read this morning that one of those patches currently works only with Acrobat 9.x. Might you be working with 8.x? -------------------------------------- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org "Carl Houseman" <c.house...@gmail.com> wrote on 02/23/2009 09:38:09 AM: > Working from IE7/Vista SP1 I just did a select-all on the web page, > copy, and pasted into notepad and saved. Works fine. > > Carl > > From: Thomas Gonzalez [mailto:tgonza...@girlscouts-swtx.org] > Sent: Monday, February 23, 2009 10:09 AM > To: NT System Admin Issues > Subject: RE: Adobe 0-day > > Hmmm, tried to save as adobe.adm and received several errors when > loading the template. Any ideas? > > > Thanks, > > Thomas > > From: James Rankin [mailto:kz2...@googlemail.com] > Sent: Monday, February 23, 2009 8:59 AM > To: NT System Admin Issues > Subject: Re: Adobe 0-day > > Nice one, cheers > > Obviously the Google-force runs stronger in your family than mine... > 2009/2/23 Carl Houseman <c.house...@gmail.com> > GPO template: > > http://www.shadowserver.org/wiki/uploads/Calendar/adobe.txt > > Carl > > From: James Rankin [mailto:kz2...@googlemail.com] > Sent: Monday, February 23, 2009 9:43 AM > > To: NT System Admin Issues > Subject: Re: Adobe 0-day > > I was searching for a way to disable this en masse on my Citrix > servers, but can't find any mention of a reg key or similar way of doing it > 2009/2/23 David Lum <david....@nwea.org> > Anyone doing anything about this? > http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090221 > > I thought I saw a thread here last week about it, but can find nothing. > David Lum // SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 // (Cell) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Girl Scouts of Southwest Texas company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Girl Scouts of Southwest Texas company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~