Friday, February 20, 2009

Adobe Acrobat BoF Zero-Day Update

This is just a minor update on yesterday's blog entry...

A vulnerability has been reported in Adobe Reader/Acrobat that can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an unspecified error and can be exploited to cause a buffer overflow. No further information is available. Successful exploitation allows execution of arbitrary code.


Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009.


According to my friend at Trend Micro, there are several different exploits out in the wild for this vulnerability. Disabling JavaScript is an effective countermeasure for all the exploits he has seen up to this point.

Disabling JavaScript is easy. This is how it can be done in Acrobat Reader:
Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

It is important to remember that the JavaScript workaround does not address the buffer overflow hole directly, but mitigates the only known exploitation path at this point (heap spraying to get shellcode into the heap, thus triggering the buffer overflow).
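Because the known exploitation path depends on JavaScript, a mail gateway or file share can also flag PDFs that carry script before they reach a reader where the preference is still enabled. The following is an added example, not part of the original post: a triage sketch whose function names and sample fragments are constructed for illustration. It assumes unencrypted files and only FlateDecode streams, and it reports the presence of script, not the vulnerability itself.

```python
import re
import zlib

# Name objects that make a viewer run script or act automatically on open.
SUSPECT_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
NAME_RE = re.compile(rb"/[^\s()<>\[\]{}/%]+")        # one PDF name token
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")     # #xx escape inside a name
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def inflated_streams(data: bytes):
    """Yield contents of streams that inflate as zlib (FlateDecode) data."""
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj ignores the end-of-line bytes left before endstream
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # uncompressed, or a filter this sketch does not handle


def script_indicators(data: bytes) -> dict:
    """Count suspect names in the raw bytes and inside inflated streams."""
    counts = {name.decode(): 0 for name in SUSPECT_NAMES}
    for chunk in (data, *inflated_streams(data)):
        for raw in NAME_RE.findall(chunk):
            name = normalize_name(raw)
            if name in SUSPECT_NAMES:
                counts[name.decode()] += 1
    return counts


def needs_review(data: bytes) -> bool:
    """True when the file carries a script action, in the clear or compressed."""
    counts = script_indicators(data)
    return counts["/JavaScript"] > 0 or counts["/JS"] > 0


# Constructed sample fragments (not real documents, not from the original post).
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
ACTION = b"<< /S /J#61vaScript /JS (void 0;) >>"
ESCAPED = CLEAN + b"3 0 obj\n" + ACTION + b"\nendobj\n"
PACKED = CLEAN + b"4 0 obj\n<< /Filter /FlateDecode >>\nstream\n" \
    + zlib.compress(ACTION) + b"\nendstream\nendobj\n"
```

`needs_review(ESCAPED)` and `needs_review(PACKED)` both return `True`, showing that a hex-escaped name and a script action hidden in a compressed stream are still caught, while `needs_review(CLEAN)` returns `False`.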
