[olug] [ot] chrome

Benjamin Watson bwatson1979 at gmail.com
Mon Dec 6 14:31:35 UTC 2010


I'll have to side with Luke on this one.  Sure, the PDF spec has a
portion to embed javascript and to tell client software what "EXE" to
execute, but the vulnerabilities arise in the client-side
implementation of the PDF spec.  Adobe has been screwing this up all
the time with Reader.

On Sun, Dec 5, 2010 at 10:17 PM, Will Langford <unfies at gmail.com> wrote:
>>
>> Extra crap? Holes? Protection? Are you seriously talking about PDF?
>> I'm not aware of any holes, or any need for a sandbox.
>> What does PDF have to do with Flash anyhow? PDF is an open standard, with
>> at
>> least one viewer (Okular) far superior to Adobe's for Linux. It's more or
>> less
>> just compression for GhostScript...
>>
>>
> http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/
>
> <http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/>Or....
> to... even get away from crafty things like that... how about something much
> simpler:
>
> http://www.h-online.com/security/news/item/PDF-exploit-requires-no-specific-security-hole-to-function-968140.html
>
> ------------------
>
> PDF hasn't been 'just a text formatter' for a very long time....
>
> -Will
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>



More information about the OLUG mailing list