View Single Post
  #4 (permalink)  
Old September 9, 2010, 02:25 PM
DCCV44.2223 DCCV44.2223 is offline
Join Date: Apr 2010
Location: Vancouver
Posts: 260

PDF specs allow files to be embedded, executables to be launched and of course javascript is enabled by default (Foxit does that too), why are people surprised when there are frequent security problems with it.

Their advisory is kinda useless too when no information on workarounds and mitigating factors are included, e.g., does disabling scripting help, or can it break out of IE's protected mode in Vista/W7.

The next version of Acrobat will run in protected mode but maybe they should also nuke and trim the specs too.
Reply With Quote