Adobe has released Reader/Acrobat versions 9.3.3 and 8.2.3. These updates include 17 security-related fixes including one related to Flash content embedded in PDFs that has been exploited in the wild.
/Launch actions are also defaulted to off starting with this release. If you enable /Launch, then the warning the user sees is much improved.
The GDI object leak and crash problem described here remains unfixed.
References:
http://www.adobe.com/support/security/bulletins/apsb10-15.html
http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment