Links
Adobe Acrobat, Reader and Flash Remote Exploit Vulnerability
GSA Reference Number: AD090722-01
Simply Put: Adobe Acrobat, Reader, and Flash have a remote code execution vulnerability currently being exploited on the Internet. Adobe does not have a patch available at this time. This vulnerability can be exploited by a malicious website to load arbitrary code or take control of a victim’s PC.
Vulnerability Details: The attack stems from an issue loading malicious Flash (.swf) files, either by themselves or embedded within pdf documents. Successful exploitation can result in remote code execution. If an attack is unsuccessful, it may still cause a denial of service. No user interaction is required, other than browsing a malicious website. The attacks affect the following software:
- Adobe Reader 9.1.2
- Adobe Flash Player 9
- Adobe Flash Player 10
- Adobe Acrobat Standard 9.1.2
- Adobe Acrobat Professional 9.1.2
Countermeasures: Adobe has acknowledged that there is a vulnerability; however it does not have a patch or countermeasures available at this time. Therefore, Gladiator recommends that users remove Adobe products from servers if they are not currently needed for business purposes. Furthermore, Gladiator recommends that administrators warn their users of the risks of opening pdf documents acquired over the Internet or email.
Reference Links:
- Adobe PSIRT (http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html)
- Security Focus (http://www.securityfocus.com/bid/35759)
- Symantec Bulletin (http://www.symantec.com/en/ca/business/security_response/print_writeup.jsp?docid=2009-072209-2512-99)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=6847)