-
April 29th, 2009 05:12 PM
#1
Adobe 0-day
Adobe is at it again .. 
http://secunia.com/advisories/34924/
There are two 0-day vulnerabilities in Adobe Acrobat announced today; all current versions are vulnerable. One exploits the annotation function and the other exploits the custom Dictionary function. Both of these buffer overflow vulnerabilities exist in the JavaScript system of Adobe Acrobat and can be mitigated by disabling JavaScript in Adobe Acrobat.
Since the exploits for these vulnerabilities on the Linux platform are posted to the Internet, we can just guess that someone will somehow make it work on Windows and use it to spread botnet agents shortly.
Exploits are OUT !..
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
April 30th, 2009 04:02 PM
#2
Originally Posted by ByTeWrangler
I wonder if this will affect "other" PDF clones using plugins for your favorite Linux browser. This is similar to the boobytrapped ".zip" trojan that open-source developers used in their programs.
-
May 3rd, 2009 10:19 AM
#3
I have just run Secunia PSI against the Foxit reader and it doesn't report any vulnerabilities. They have done so in the past so it is an app. that they monitor.
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
-
May 5th, 2009 08:26 AM
#4
There is a workaround (I should have posted this with the original post, but pardon me, I had CISSP coming up in a few days).
In the meantime, you can perform mitigation steps by disabling JavaScript in Reader and Acrobat:
1. Launch Acrobat or Adobe Reader.
2. Select Edit > Preferences.
3. Select the JavaScript category.
4. Uncheck the ‘Enable Acrobat JavaScript’ option.
5. Click OK.
Links:
http://www.adobe.com/support/securit...apsa09-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1493
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.