Monday, December 14, 2009

New Adobe Reader and Acrobat Vulnerability

Via Adobe's PSIRT Blog (Dec 14, 2009) -

This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild. We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.

-------------------------

http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214

With that said, we can tell you that this vulnerability is actually in a JavaScript function within Adobe Acrobat [Reader] itself. Furthermore, the vulnerable JavaScript is obfuscated inside a zlib stream, making universal detection and intrusion detection signatures much more difficult.

We have said it before and we will say it again: Disable JavaScript.

Disabling JavaScript is easy. This is how it can be done in Acrobat Reader:

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript


We have not had time to fully test, but enabling hardware DEP for systems that support it may also mitigate this issue.
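
The zlib point in the Shadowserver note is why a plain string search over a PDF can miss embedded script. As an added example (not code from Adobe or Shadowserver), this Python triage script inflates each stream before looking for the `/JS` and `/JavaScript` action keys; the function names and the sample PDF are constructed here for illustration.

```python
import re
import zlib

JS_MARKERS = (b"/JavaScript", b"/JS")  # keys that introduce a JavaScript action
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")  # PDF names may spell bytes as #xx


def normalize(data):
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(pdf_bytes):
    """Yield the inflated body of every stream that zlib accepts."""
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates a trailer clipped by the regex
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # uncompressed, encrypted, or a different filter


def find_js(pdf_bytes):
    """Report JavaScript markers seen in the raw bytes and in inflated streams."""
    raw = sorted(m.decode() for m in JS_MARKERS if m in normalize(pdf_bytes))
    inflated = set()
    for body in inflate_streams(pdf_bytes):
        inflated.update(m.decode() for m in JS_MARKERS if m in normalize(body))
    return {"raw": raw, "inflated": sorted(inflated)}


def build_sample():
    """Constructed sample: two benign JavaScript actions inside a deflated object stream."""
    hidden = (b"7 0 8 62 << /S /JavaScript /JS (app.alert('constructed sample');) >> "
              b"<< /S /J#61vaScript /JS (app.alert('constructed sample');) >>")
    body = zlib.compress(hidden)
    header = b"<< /Type /ObjStm /Filter /FlateDecode /Length %d >>" % len(body)
    return b"%PDF-1.7\n5 0 obj\n" + header + b"\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    print(find_js(build_sample()))
```

Streams that use other filters, filter chains or encryption are skipped, so an empty result is not proof that a file carries no JavaScript.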
