[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Does Rich Text hold the same risks as html ?
Carlos E. R. said:
> The Wednesday 2006-01-25 at 16:01 -0800, Crispin Cowan wrote:
>> * PDF: Did you know that the PDF standard allows for embedded
> I thought this only applied to acrobat version 7. Also, I though that
> other viewers, like xpdf, were safe in this respect.
(i.e. Acrobat 4).
And PDF supports event-triggered "auto-open" scripts with the same bad
security design as MS Office formats (see chapter 8.5.2 in
plugin called "Escript.api" (found in the "plug_ins" subdirectory).
To disable a plugin, simply remove it from this directory (including
for forms, spellcheck, weblinks, accessability, digital signatures,
Michel Messerschmidt, lists@xxxxxxxxxxxxxxxxxxxxxxx
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here