Thread: Adobe 0-day

  1. #1

    Adobe 0-day

    Adobe is at it again ..


    http://secunia.com/advisories/34924/

    There are two 0-day vulnerabilities in Adobe Acrobat announced today; all current versions are vulnerable. One exploits the annotation function and the other exploits the custom Dictionary function. Both of these buffer overflow vulnerabilities exist in the JavaScript system of Adobe Acrobat and can be mitigated by disabling JavaScript in Adobe Acrobat.

    Since the exploits for these vulnerabilities on the Linux platform are posted to the Internet, we can just guess that someone will somehow make it work on Windows and use it to spread botnet agents shortly.
    Exploits are OUT !..
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Quote: Originally posted by ByTeWrangler
        Adobe is at it again ..
        http://secunia.com/advisories/34924/
        Exploits are OUT !..

    I wonder if this will affect "other" PDF clones using plugins for your favorite Linux browser. This is similar to the boobytrapped ".zip" trojan that open-source developers used in their programs.

  3. #3
    nihil (Senior Member; joined Jul 2003; United Kingdom: Bridlington; 17,188 posts)
    I have just run Secunia PSI against the Foxit reader and it doesn't report any vulnerabilities. They have done so in the past so it is an app. that they monitor.

  4. #4
    There is a workaround (I should have posted this with the original post, but pardon me, I had CISSP coming up in a few days) ..

    In the meantime, you can perform mitigation steps by disabling JavaScript in Reader and Acrobat:
      1. Launch Acrobat or Adobe Reader.
      2. Select Edit > Preferences.
      3. Select the JavaScript category.
      4. Uncheck the 'Enable Acrobat JavaScript' option.
      5. Click OK.


    Links :

    http://www.adobe.com/support/securit...apsa09-02.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1492
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1493
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.
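
Added example (not part of the original thread, and not Adobe's or Secunia's code): because both bugs are reached through Acrobat JavaScript, a mail or file gateway can triage incoming PDFs by flagging those that carry script at all. The sketch below looks for the PDF names `/JS` and `/JavaScript`, including `#xx`-escaped spellings and names hidden inside Flate-compressed streams; the function names and sample fragments are constructed for illustration.

```python
import re
import zlib

# Name tokens from the PDF format: script-bearing keys and auto-run triggers.
SCRIPT_NAMES = {"JS", "JavaScript"}
TRIGGER_NAMES = {"OpenAction", "AA"}

# A PDF name is "/" followed by non-delimiter, non-whitespace bytes.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.S)
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is read as JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def inflate_streams(data: bytes) -> bytes:
    """Return data plus every stream body that inflates as zlib/Flate."""
    parts = [data]
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates a trailing byte lost to the EOL match
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # other filter or not compressed; raw bytes already scanned
    return b"\n".join(parts)

def triage(data: bytes) -> dict:
    """Report script and auto-trigger names; flag the file if it carries script."""
    names = {decode_name(n) for n in NAME_RE.findall(inflate_streams(data))}
    script = sorted(names & SCRIPT_NAMES)
    return {"script": script, "auto_trigger": sorted(names & TRIGGER_NAMES),
            "flag": bool(script)}

# Constructed sample fragments (not taken from any real document or exploit).
SAMPLE_PLAIN = b"<< /Type /Catalog /OpenAction 2 0 R >>\n<< /S /JavaScript /JS (placeholder) >>"
SAMPLE_ESCAPED = b"<< /S /J#61vaScript /J#53 (placeholder) >>"
SAMPLE_OBJSTM = (b"<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
                 + zlib.compress(b"<< /S /JavaScript /JS (placeholder) >>")
                 + b"\nendstream")
SAMPLE_CLEAN = b"<< /Type /Catalog /Pages 2 0 R >>"

if __name__ == "__main__":
    for label, blob in [("plain", SAMPLE_PLAIN), ("escaped", SAMPLE_ESCAPED),
                        ("objstm", SAMPLE_OBJSTM), ("clean", SAMPLE_CLEAN)]:
        print(label, triage(blob))
```

This is a triage aid only: encrypted PDFs and streams using filters other than Flate are not decoded, so a clean result does not replace the JavaScript setting above.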
