On 24 Feb 2009 at 14:55, David Lum wrote: > This just floated across the patch management list > > ""During our analysis, Secunia managed to create a reliable, fully working > exploit (available for Secunia Binary Analysis customers), which does not use > JavaScript and can therefore successfully compromise users, who may think they > are safe because JavaScript support has been disabled." > > http://secunia.com/blog/44/ > > Comments? I do remember seeing the Jscript doesn't prevent it, just makes > engineering the exploit tougher.
I'm installing the free PDFXchange viewer on all my home-user client PCs and on all corporate PCs where the Adobe reader is not absolutely essential. FWIW PDFXchange allows you to disable Adobe Javascript, which the last version of Foxit Reader that I checked did not allow you to do. I figure staying away from the offical Adobe reader might give me just a smidge of SBO ... -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +-----------------------------------+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
