[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] PDF mailto exploit in the wild
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] PDF mailto exploit in the wild
- From: "Nick Boyce" <nick.boyce@xxxxxxxxx>
- Date: Tue, 23 Oct 2007 14:23:01 +0100
On 10/23/07, Paul Szabo <psz@xxxxxxxxxxxxxxxxx> wrote:
> In case you are interested... messages like the following were spammed
> to my users tonight.
Thanks for the heads-up.
I figured I'd check out Adobe's workaround :
http://www.adobe.com/support/security/bulletins/apsb07-18.html
... and there, in the section on registry editing to disable Acrobat's
mailto feature, we find the following :
> # Navigate to the appropriate registry key:
[...]
> Reader:
> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat
> Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms
[...]
> # To Disable mailto (recommended)
> Modify tSchemePerms by setting the mailto: value to 3:
> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|
> ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:3|file:2
And now I'm having heart palpitations ... can anyone explain the
function of the "telnet" and "ssh" parts of that little registry entry
?
Cheers,
Nick Boyce
--
"The system is repaired when ordinary greed takes over from
extraordinary fear - and that's what we're working towards."
Prof Larry Summers, US Treasury Secretary 1999-2001, commenting on the
Northern Rock banking crisis on BBC Newsnight, 14th.Sept.2007
My, what a high civilisation we've built.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/