That article is in reference to the earlier workaround of disabling JavaScript in Adobe Reader, not the 3/11/09 patch.
Bill -----Original Message----- From: Sam Cayze [mailto:sam.ca...@rollouts.com] Sent: Wednesday, March 11, 2009 8:28 AM To: NT System Admin Issues Subject: RE: Foxit PDF Reader Flaws On topic, The patch might not matter: A New Twist to the Adobe Vulnerability http://www.readwriteweb.com/archives/a_new_twist_to_the_adobe_vulnerability.php -Sam -----Original Message----- From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, March 11, 2009 10:22 AM To: NT System Admin Issues Subject: RE: Foxit PDF Reader Flaws It's March 11 already in most of the world and no Adobe patch yet. (I know, they're hardly awake in CA yet and why should I be surprised that Adobe can't automate something as simple putting a new version online.) Carl -----Original Message----- From: Mike French [mailto:mike.fre...@theequitybank.com] Sent: Wednesday, March 11, 2009 11:14 AM To: NT System Admin Issues Subject: Foxit PDF Reader Flaws Just an FYI: March 9, Computerworld - (International) Foxit PDF viewer open to attack, say researchers. Security researchers on March 9 warned of several vulnerabilities in Foxit, a free PDF document viewer that has been recommended as an alternative to Adobe Reader, which currently contains an unpatched critical bug of its own. Foxit Software Co. patched its namesake on March 9 to plug three holes. One of the three vulnerabilities is in the same JBIG2 image compression format fingered by researchers last month as the root of the bug in Adobe System Inc.'s popular Reader and Acrobat applications. The flaw in Adobe's software, which has been exploited by hackers since at least early January, will not be patched until March 11, according to Adobe's schedule. The Foxit and Adobe bugs are unrelated, however, except for the fact that they are both in the code that parses JBIG2 images, said the chief technology officer at Secunia, the Danish company that reported the flaw to Foxit. "It is a completely different vulnerability related to JBIG2," he said in an e-mail on March 9. It was Adobe's confirmation of its bug that prompted Secunia researchers to dig into other PDF viewers. "We did, however, start the research in Foxit out of curiosity based on the Adobe vulnerability, and discovered this new vulnerability," the chief technology officer said. Secunia reported the bug to Foxit on February 27. The remaining two bugs in Foxit were reported February 18 by Core Security Technologies, a developer of penetration testing software. One of the vulnerabilities can trigger a buffer overflow, while the other could be used by attackers to circumvent security warnings. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
