Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Adobe Reader X can't be trusted yet
- Bear Bottoms
August 20, 2011, 1:45 pm
rate this thread
Protected Mode will not prevent unauthorized read access to the file
system or registry.
Protected Mode will not restrict network access.
Protected Mode will not prevent reading or writing to the clip board.
Given these limitations, attackers that exploit these “protected” components
will still be able to stay resident in memory and perform damaging activities
Read and exfiltrate data from the registry and/or user’s file system
Attack other machines and devices on the network
Use Reader as a stepping stone to execute other exploits against the host
system including exploits against kernel services
While Adobe’s Protected Mode is a step in the right direction for mitigating
risk of Adobe Reader, it still leaves significant residual risk on the table
for cyber adversaries to exploit.
Bear Bottoms, security consultant
Re: Adobe Reader X can't be trusted yet
Acrobat reader 6.0x is still able to open the vast majority of PDF files
that I throw at it, and it also seems to be particularly incapable of
correctly executing many, most or all of the PDF exploits that have
emerged over the past 3 years - at least on win-9x/me systems.
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — The site's Newest Thread. Posted in » Secure Shell Forum