Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Adobe Reader X - Sandbox - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Reader X - Sandbox

Adobe released the Reader X version today. This is the version of Reader that has sandbox feature built-in, there is now a degree of separation between the OS and the potentially malicious PDF files. The same sandbox mechanism had been implemented in Google Chrome and also MS Office. Containment of the harmful files lessen the damage should a successful attack were to happen. Given the amount of 0-day attacks on this software, we recommend our readers on Windows platform to upgrade to this version of Reader soon to leverage the sandbox technologies. While it does not prevent all exploitation, every little bit helps.

Adobe has written a series of blog entries explaining the sandbox mechanism. A good read if you are curious how it helps to protect against attacks.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London July 2022


93 Posts
ISC Handler
Nov 19th 2010
Direct download is here:
Unfortunately Adobe Reader X protected mode does not work with Symantec Endpoint Protection Network Threat Protection module. Hopefully that is fixed soon.

29 Posts
Would you please elaborate? What does "does not work" mean? I don't understand how the two are in any way related. We're using SEP 11.6001.
Adobe has published the following document to describe limitations of protected mode including known conflicts with some a/v software such as SEP.
Thanks. I guess I don't have to worry about SEP issues when the thing won't run on a Citrix server. :-(

We're still using v8 because Adobe removed MDI in v9 and now vX. We have a half dozen docs open at a time and with Adobe Reader launching a new instance for each doc and splattering them all over the monitor we simply cannot use the newer versions. If anyone knows of a good replacement that still has MDI and can use FDF files, we'd sure like to know.
Anyone find a way to customize the install yet?
The Adobe Customization Wizard 9 does not work with it, and I don't see a newer version...
Without that, deploying with GPO is going to be almost non-possible.
Althornin, have a look at Orca which is part of the Windows SDK Components for Windows Installer Developers (free from Microsoft). You have to get your hands a little dirtier than with the customization wizard, but it works well for generating transforms for any MSI based installer.

12 Posts
JJ: Have a look at the PDF-XChange Viewer ( It has a MDI interface and is usually faster than Acrobat Reader.
Philipp Brenner

2 Posts
The Customisation Wizard is supposed to come in mid-december (maybe 6th or 15th), as rumours on the Adobe Reader Support Forum say.

6 Posts

Sign Up for Free or Log In to start participating in the conversation!