Tuesday, April 28, 2009

Adobe PDF Zero-Day Update: Turn off JavaScript

Via ThreatPost.com -

Adobe's security response team is scrambling to investigate new public reports of a new zero-day vulnerability affecting uses of its widely deployed PDF Reader software.

In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating a code execution flaw, which affects Adobe Reader 9.1 and 8.1.4.

“We are currently investigating, and will have an update once we get more information,” according to Adobe’s David Lenoe.

A separate advisory posted to securityfocus.com offers some additional details:

Adobe Reader ‘getAnnots()’ Javascript Function Remote Code Execution Vulnerability

Adobe Reader is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

Reader 8.1.4 and 9.1 for Linux are vulnerable; other versions or platforms may also be affected.

In the absence of a patch, users should beware of strange PDF files arriving via e-mail, even if it comes from a trusted source. Malware authors embed exploits in rigged PDF files to launch targeted attacks.

If you must use PDF in your normal workflow, you should strongly consider an alternative product. A list of alternatives is available at pdfreaders.org.


Adobe now confirms that all currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all affected versions for all platforms (Windows, Macintosh and Unix) to resolve this issue.

As a temporary mitigation, the company recommends that users disable JavaScript in Adobe Reader and Acrobat using the following instructions below:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK


I went ahead and turned off JavaScript in FoxIT Reader as well.

Exploit PoC - http://thatsbroken.com/examples/getannots.txt

No comments:

Post a Comment