Monday, September 13, 2010

Another Adobe Zeroday: Security Advisory for Flash Player

A critical vulnerability exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010. We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.


VU#275289 - Adobe Flash unspecified code execution vulnerability


The vulnerability appears to be in Flash Player, which is normally an add-on installed into Firefox or IE, but Flash Player is also bundled with Adobe Reader. So, if you are using Adobe Reader, an attacker might be able to exploit a Flash vulnerability via a standard PDF file.

So what can you do?

I would suggest using an alternative PDF reader (e.g. Foxit Reader, Sumatra PDF, Google Docs Viewer) and disabling the Flash player in your browser.

In addition, I would recommend enabling DEP for all programs on Windows XP.

If you have to use Adobe Reader, I would suggest at least using Microsoft's EMET with Adobe Reader. It isn't known if it will stop this specific zero-day, but I am going to bet it does.

Since EMET contains extra "non-standard" mitigation techniques (e.g. EAF mitigation), it is likely the attacker didn't code their exploit to bypass it...but who knows at this point. Using EMET with Adobe Reader isn't going to hurt.
