New Critical Adobe Acrobat / Reader Vulnerability
GSA Reference Number: AD091215-01
Simply Put: A new Adobe Acrobat/Reader remote code execution vulnerability has been observed in targeted attacks on the Internet. Adobe has confirmed the vulnerability; however, no patch is available at this time. Adobe Reader and Acrobat 9.2 and earlier versions are confirmed as vulnerable. Although exploitation of this vulnerability is not yet widespread, Gladiator believes it will become so in the near future.
Attack Details: The attack uses a malicious PDF file with embedded JavaScript. Further attack details have not been released at this time; however, Adobe has recognized this as a critical vulnerability in the JavaScript engine for Adobe Reader and Acrobat. Since Adobe PDF files are opened automatically by Internet Explorer and other web browsers, this vulnerability can be exploited without the user’s knowledge if the person visits a malicious website.
Countermeasures: Gladiator recommends that administrators disable JavaScript in Adobe PDF products until a patch becomes available. The JavaScript engine for Adobe products can be disabled in the registry or manually through menu options. Instructions for disabling JavaScript have been provided by insecure.com and are linked below. Users could also choose to install a non-Adobe PDF Reader, such as Foxit Reader.
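Added example (not part of the original advisory and not Gladiator or Adobe tooling): until a patch is available, a mail gateway or help desk can screen PDF files for the embedded-JavaScript markers described above. The sample documents are constructed fragments, and because the scan only sees names outside compressed or encrypted objects, such files are flagged for unpacking rather than cleared.

```python
import re

# Added example. Names that mark script content or automatic actions, plus
# two (ObjStm, Encrypt) that mean other names may be hidden from this scan.
KEYS = ("JS", "JavaScript", "OpenAction", "AA", "ObjStm", "Encrypt")

_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, which PDF permits in names (/J#53 equals /JS)."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def script_indicators(data: bytes) -> dict:
    """Count the names in KEYS after normalising hex-escaped spellings."""
    counts = dict.fromkeys(KEYS, 0)
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def triage(data: bytes) -> str:
    c = script_indicators(data)
    if c["JS"] or c["JavaScript"]:
        return "javascript"        # quarantine or open only with JS disabled
    if c["ObjStm"] or c["Encrypt"]:
        return "needs-unpacking"   # names may sit inside compressed/encrypted objects
    return "no-script-markers"


# Constructed sample documents (fragments, not complete PDFs).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_JS = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
             b"3 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\);) >>\nendobj\n")
SAMPLE_PACKED = b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /N 1 /First 4 >>\nendobj\n"

if __name__ == "__main__":
    for label, doc in (("plain", SAMPLE_PLAIN), ("js", SAMPLE_JS),
                       ("packed", SAMPLE_PACKED)):
        print(label, triage(doc), script_indicators(doc))
```

A "no-script-markers" result is a triage signal only; it does not replace disabling JavaScript in the reader as recommended above.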
Reference Links:
- Adobe Blog Post (http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html)
- Insecure.com – how to disable Adobe JavaScript in the Registry (http://insecureweb.com/javascript/secure-yourselffrom-the-recent-pdf-exploits-by-disabling-javascript/)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=7747)
- Shadowserver.org information (http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214)