http://secunia.com/advisories/41340/
A vulnerability has been discovered in Adobe Reader, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the font parsing in CoolType.dll and can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted PDF file.
The vulnerability is confirmed in versions 8.2.4 and 9.3.4. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
SOLUTION:
Do not open untrusted files.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
http://contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.html
----------------------------------------------------------------------------------------------
As noted in the Contagio Blog, AV detection for the new PDF and the resulting dropped malware is very poor - about 2-3% (e.g. 1 or 2 out of 43 AVs).
Based on other information that I have seen, I would recommend users disable JavaScript inside Adobe Reader.
1. Launch Acrobat or Adobe Reader.
2. Select Edit > Preferences.
3. Select the JavaScript category.
4. Uncheck the ‘Enable Acrobat JavaScript’ option.
The author of the Contagio Blog states that Adobe Security had a copy of the new malicious PDF and is analyzing it.