Gladiator Research and Security

GSA Reference Number: AD090220-01

Simply Put: Adobe Acrobat 9 and Reader 9 and earlier versions contain an unpatched critical vulnerability that allows arbitrary code execution.  Adobe has released an advisory on this issue, but a patch will not be released until March 11th.  A workaround has been published that will prevent code execution, but the application will still crash.

Vulnerability Details: The attack occurs when a user opens a malicious PDF document in either Acrobat or Reader.  The PDF contains malicious javascript code that is then executed by the application.  This code will exploit the vulnerability to possibly take control of the system.

Countermeasures: Adobe will not be releasing an update until March 11th.  This update will cover Adobe Acrobat  9 and Reader 9 only.  Updates to earlier versions will be released at a later time.  Shadowserver.org has published a workaround for this vulnerability to disable javascript in the application.  Since this attack relies on javascript, the exploit will not work without it.  The malicious PDF will still crash the Adobe applications, but the system will not be compromised.  This workaround will need to be applied to all machines with Acrobat and Reader installed.  To disable javascript, perform the following actions in the application:

1. Go to the Edit menu
2. Click Preferences
3. Go to the JavaScript category
4. Uncheck “Enable Acrobat JavaScript”
5. Click OK

PTMR Customers: Since there is no patch available at this time, there is no rollout to schedule yet.  However, PTMR will test and deploy this patch as soon as one becomes available.  Follow the above workaround to mitigate this vulnerability.

Related Links:

• Adobe Advisory (http://www.adobe.com/support/security/advisories/apsa09-01.html)
• Shadowserver Foundation Advisory (http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219)
• SANS Internet Storm Center (http://isc.sans.org/diary.html?storyid=5905)