SFdude 1 Posted February 28, 2013 Share Posted February 28, 2013 Using EV client version 3.1.0,1225(yes, I know - it's ancient, but it works for me...),with WIN-XP SP3 -32 bit.When I read a PDF stored as an EV Note,EV pops up an info window,saying it's using the FOXIT PDF Reader inside EV,to render the PDF.That's OK...But what if the PDF (stored and rendered inside EV),contains an embeded, malicious JS script,and the JS script gets executedby the EV Foxit Reader?For my local PDF files (in my HD),I read PDF files with Sumatra PDF Reader or PDF-Xchange Reader,both with JS script execution TURNED OFF...Question:========Does EVs Foxit Reader have JS script execution TURNED OFF ?(while rendering a PDF file INSIDE the EV client version 3.1.0,1225).If it is not turned off,that would be a HUGE security risk in PDF rendering inside Evernote!.Is this a Security Risk?Thanks for any opinions or facts. Link to comment
Level 5* gazumped 12,034 Posted February 28, 2013 Level 5* Share Posted February 28, 2013 My two cents - it's difficult to evaluate your risk properly. You're using an old version of Evernote on an old OS to read PDFs you've imported from unknown websites. Don't know whether current AV software updates still support XP or what version you have installed. There's obviously a risk. You could minimise it by saving PDFs as attachments so they don't display on your system, and using 'open with' to choose your own PDF reader. I'd also recommend backups. Lots of regular backups.. Link to comment
BurgersNFries 2,407 Posted February 28, 2013 Share Posted February 28, 2013 Additionally, since 3.1 has not been supported for quite a long time, you may need to try to answer your question yourself, rather than hope for an official answer from EN. Link to comment
SFdude 1 Posted February 28, 2013 Author Share Posted February 28, 2013 2 Gazumped: Thanks for the quick & clear answer! Yes, as you suggested -saving PDFs as attachments(so they don't auto-display on my system via the built-in Foxit PDF Reader),is the solution. Again, thank you Gazumped! Link to comment
Level 5* gazumped 12,034 Posted February 28, 2013 Level 5* Share Posted February 28, 2013 Glad to help. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.