download issue 24 here - Help Net Security
A less restrictive JavaScript protection technique is to use the JavaScript BlackList Framework. This new feature allows you to leave support for JavaScript enabled, but to blacklist vulnerable JavaScript API functions.

For example, to protect Adobe Reader from the 0-day in JavaScript API function DocMedia.newPlayer, you need to add this function to registry value tBlackList. By doing so, JavaScripts using this function will be interrupted when the vulnerable function is called inside the script.

The user will see a warning, but he will not have the option to allow the function call to go through.

Conclusion

This article features several techniques to protect vulnerable office applications from exploitation by malicious documents.

For step-by-step instructions on how to implement these techniques, visit my blog and select the PDF category: blog.didierstevens.com/category/pdf

Keep in mind that these techniques work with current “in the wild” malware because we mitigate the tactics used by malware authors, but that this is an arms race and that evolving tactics require evolving protection measures.
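The tBlackList setting described in the JavaScript BlackList Framework passage above can be applied without overwriting functions that are already blocked. The following is an added example, not code from the article or from Adobe: the function names `Merge-JsBlackList` and `Set-JsBlackList` are hypothetical, the registry key path is a placeholder the article does not give, and the `|` separator between function names is an assumption.

```powershell
# Added example, not from the article. $KeyPath is a placeholder: the
# article names only the value tBlackList, so take the key for your Reader
# version from Adobe's documentation.
# Usage: Set-JsBlackList -KeyPath '<key from Adobe documentation>' -WhatIf

function Merge-JsBlackList {
    param(
        [string]$Current,       # existing tBlackList data, may be empty
        [string[]]$Functions    # JavaScript API functions to block
    )
    # Assumption: the value holds function names separated by '|'.
    $entries = @()
    if ($Current) {
        $entries = @($Current.Split('|') |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    foreach ($f in $Functions) {
        # JavaScript names are case-sensitive, so compare case-sensitively.
        if ($entries -cnotcontains $f) { $entries += $f }
    }
    $entries -join '|'
}

function Set-JsBlackList {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$KeyPath,
        [string[]]$Functions = @('DocMedia.newPlayer')
    )
    # Read what is already configured so other blocked functions survive.
    $current = (Get-ItemProperty -Path $KeyPath -Name tBlackList `
        -ErrorAction SilentlyContinue).tBlackList
    $merged = Merge-JsBlackList -Current $current -Functions $Functions
    if ($merged -ceq $current) { return $merged }    # already in place
    if ($PSCmdlet.ShouldProcess("$KeyPath\tBlackList", "set '$merged'")) {
        if (-not (Test-Path $KeyPath)) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
        Set-ItemProperty -Path $KeyPath -Name tBlackList `
            -Value $merged -Type String
    }
    $merged
}
```

Running it with `-WhatIf` first shows the merged value that would be written without changing the registry.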
Didier Stevens (CISSP, GSSP-C, MCSD .NET, MCSE/Security, RHCT) is an IT Security Consultant currently working at a large Belgian financial corporation. He is employed by Contraste Europe NV, an IT Consulting Services company (www.contraste.com). You can find open source security tools on his IT security related blog at blog.DidierStevens.com.
www.insecuremag.com 42