PDF Reader Flaw beyond JavaScript & Adobe

Adobe promised to have a patch to fix the reader flaw that could cause the compromise of end user systems by March 11 (which they did), but as we have seen in times past, to many end user systems do not get patches to non-Microsoft 3rd party apps. This is serious because it has been determined that this vulnerability can be exploited without JavaScript. Adobe’s first answer to deal with the exploit prior to a patch was to disable JavaScript…which would in fact not stop the exploit. Others have said that perhaps non Adobe PDF readers should be used, but recently there is evidence that even non-Adobe readers could be affected.

http://isc.sans.org/diary.html?storyid=6004
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129360&source=rss_topic17
http://news.cnet.com/8301-1009_3-10193218-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
http://gcn.com/Articles/2009/03/12/Adobe-patch.aspx
http://isc.sans.org/diary.html?storyid=5902
http://isc.sans.org/diary.html?storyid=5926
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129163&source=rss_topic17