Another Adobe Reader Zero Day Vulnerability In The Wild

15 Dec/09

Adobe Reader and Adobe Acrobat have been hit with yet another zero day vulnerability, which affects all versions of both programs up to Adobe Reader and Adobe Acrobat 9.2. The vulnerability has been disclosed to the public by Adobe’s Security Response team, who wrote on their blog that they “are currently investigating this issue and assessing the risk to [their] customers”.

Adobe itself did not reveal details about the exploit in its blog post, but a post on the Shadowserver website, which is run by security volunteers from around the world, did. According to the information posted there, the exploit has been in the wild since at least December 11. The number of attacks has been limited and targeted so far. They do expect the “exploit to become more wide spread in the next few weeks” with the potential to become fully public in the same timeframe.

The security researchers did not want to reveal all the information about the vulnerability, but mentioned that it was found in a JavaScript function in Adobe Acrobat and Adobe Reader.

With that said we can tell you that this vulnerability is actually in a JavaScript function within Adobe Acrobat [Reader] itself. Furthermore the vulnerable JavaScript is obfuscated inside a zlib stream making universal detection and intrusion detection signatures much more difficult. On the bright side though, there are some solutions to this problem.

A temporary fix was also published on the same website.

We have said it before and we will say it again: Disable JavaScript.

Disabling JavaScript is easy. This is how it can be done in Acrobat Reader:
Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

We have not had time to fully test but enabling hardware DEP for systems that support it may also mitigate this issue.

Adobe users are encouraged to disable JavaScript as soon as possible so that their version of the program is no longer exposed to the vulnerability.
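The Shadowserver excerpt above says the JavaScript sits inside a zlib stream, which is why plain byte signatures struggle. The following triage sketch is an added example (not code from Adobe, Shadowserver or the original post) that inflates each stream before looking for script-related PDF name tokens; the marker list, function names and the sample fragment are assumptions constructed for illustration.

```python
import re
import zlib

# PDF name tokens that point at script execution (from the PDF format itself).
JS_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction")
# Simplification: stream bodies are located by keyword, not via /Length.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def markers_in(data):
    """Sorted list of marker names present in a byte string."""
    return sorted(m.decode() for m in JS_MARKERS if m in data)


def inflate(data):
    """Inflate a zlib (FlateDecode) body; None if it is not zlib data."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None


def scan_pdf(raw):
    """Compare what a raw byte signature sees with what inflating reveals."""
    report = {"raw": markers_in(raw), "inflated": []}
    for index, match in enumerate(STREAM_RE.finditer(raw)):
        body = inflate(match.group(1))
        if body is not None and markers_in(body):
            report["inflated"].append((index, markers_in(body)))
    return report


def build_sample():
    """Constructed, benign fragment (not a complete PDF): an action
    dictionary stored inside a Flate-compressed object stream."""
    inner = (b"7 0 8 76 "
             b"<< /Type /Action /S /JavaScript /JS (app.alert\\('constructed sample'\\);) >> "
             b"<< /Type /Catalog /OpenAction 7 0 R /Pages 2 0 R >>")
    packed = zlib.compress(inner)
    head = b"<< /Type /ObjStm /N 2 /First 9 /Filter /FlateDecode /Length %d >>" % len(packed)
    return b"%PDF-1.5\n5 0 obj\n" + head + b"\nstream\n" + packed + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    print(scan_pdf(build_sample()))
```

On the constructed fragment the raw scan reports nothing, while the inflated scan flags the stream. A hit only means the file carries JavaScript and deserves closer inspection, not that it is malicious.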

Posted by Spina Rosario