March 31, 2010
@DidierStevens has released a way to partially “control” the message showed by Adobe Reader when it launches an application from inside a pdf file with the PDFAction “/Launch”. Check it out here
I think it’s about time to start calling the application Launching capability of Adobe (and friends) a VULNERABILITY.
Here you have a python script for PATCHING the affected dll and cripple the Launch Action.
I tested it in W7 / Adobe Reader 9.3 but it should work for every version/OS/Arch mixture. In some OS you may experience some trouble replacing the dll.
(((( An untested improvement… s/Felipe/######/g ))))