JavaScript Changes for Acrobat X and Reader X, version 10.1.1

| 2 Comments

Background

Due to Adobe’s high interest in security, changes to existing Acrobat and Adobe Reader functionality are periodically released to further strengthen the product’s resistance to malicious attacks. As part of this effort, 10.1.1 introduces changes to the JavaScript feature that stores global variables and executes user-defined scripts.

Prior to 10.1.1, end users could place JavaScript files in %ApplicationData%\Adobe\(product name)\(version)\JavaScripts, and these files would execute automatically on application startup. For example, IT might place a JS file for modifying the product user interface by hiding or adding menu items on an Windows XP machine in C:\Documents and Settings\(username)\Application Data\Adobe\Acrobat\10.0\JavaScripts. Additionally, the folder contains glob.js and glob.settings.js, two files which the product can read and write to when storing global variables.

Changes for 10.1.1

By design, Acrobat processes do not write to the %ApplicationData%\ Acrobat\Privileged\10.0 folder. Additionally, sandboxed processes are specifically prohibited from writing to that folder. Thus, the most secure operation involves enabling Protected View in Acrobat and Protected Mode in Reader and thereby sandboxing all processes.

Additionally, the user JavaScript folder is moved from

  • Vista and Windows 7:
    Users\(username)\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts
    to
    Users\(username)\AppData\Roaming\Adobe\Acrobat\Privileged\10.0\JavaScripts.
    For example, the new path might be
    C:\Users\JoeUser\AppData\Roaming\Adobe\Acrobat\Privileged\10.0\JavaScripts
  • XP:
    Documents and Settings\(username)\Application Data\Adobe\Acrobat\10.0\JavaScripts to Documents and Settings\(username)\Application Data\Adobe\Acrobat\Privileged\10.0\JavaScripts. For example, the new path might be: C:\Documents and Settings\JoeUser\Application Data\Adobe\Acrobat\Privileged\10.0\JavaScripts

Read the full Knowledge Base Article for details and recommendations