Comments on: Adobe Reader JavaScript Blacklist Framework

By: Constantine

Constantine — Thu, 03 Jun 2010 18:47:11 +0000

Nice attempt from adobe, BUT still not satisfactory.

By: Disable Acrobat Javascript « Aggressive Virus Defense

Disable Acrobat Javascript « Aggressive Virus Defense — Sun, 24 Jan 2010 17:51:38 +0000

[...] Didier Stevens has posted a video which illustrates the Adobe Reader JavaScript Blacklist Framework [...]

By: Didier Stevens

Didier Stevens — Tue, 19 Jan 2010 20:52:47 +0000

No, if you use Adobe Reader, you should patch it. Only disable functions used in 0-days.

Disabling unescape would be a good thing, but it seems impossible with the framework.

By: Julien

Julien — Tue, 19 Jan 2010 20:02:13 +0000

Really interesting.
Do you know an existing list of “dangerous” functions ? It would be useful data to share. And if there is some similarities between Adobe and html javascript, the blacklist could also be used in Firefox extension Noscript.

More adobe registry in http://learn.adobe.com/wiki/download/attachments/52658564/acrobat_reader_security_9x.pdf?version=1

Thanks for your work Didier.

By: Interesting Information Security Bits for 01/11/2010 | Infosec Ramblings

Interesting Information Security Bits for 01/11/2010 | Infosec Ramblings — Tue, 12 Jan 2010 02:25:19 +0000

[...] a video tutorial on using the Adobe Reader JavaScript Blacklist Framework. Pretty nifty stuff. Adobe Reader JavaScript Blacklist Framework << Didier Stevens Tags: ( [...]

By: Plaats hier software gerelateerd nieuws! - Page 16

Plaats hier software gerelateerd nieuws! - Page 16 — Mon, 11 Jan 2010 18:18:22 +0000

[...] die Adobe in Adobe Reader en Acrobat heeft aangebracht om bescherming tegen exploits te bieden, is volgens de Belgische PDF-expert Didier Stevens te beperkt. Veel van de exploits die in PDF-bestanden [...]