-
April 29th, 2009, 05:12 PM
#1
Adobe 0-day
Adobe is at it again ..
http://secunia.com/advisories/34924/
There are two 0-day vulnerabilities on Adobe Acrobat announced today, all current versions are vulnerable. One exploits the annotation function and the other exploits the custom Dictionary function. Both of these buffer overflow vulnerabilities exist in the Javascript system of the Adobe Acrobat and can be mitigated by disabling Javascript on Adobe Acrobat.
Since the exploits for these vulnerabilities on Linux platform are posted to the Internet, we can just guess that someone will somehow make it work on Windows and use it to spread botnet agents shortly.
Exploits are OUT !..
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
April 30th, 2009, 04:02 PM
#2
Originally Posted by ByTeWrangler
I wonder if this will effect "other" pdf clones using plugins for your favorite linux browser. This is similar to the boobytrapped ".zip" trojan that open-source developers used in their programs.
-
May 3rd, 2009, 10:19 AM
#3
I have just run Secunia PSI against the Foxit reader and it doesn't report any vulnerabilities. They have done so in the past so it is an app. that they monitor.
-
May 5th, 2009, 08:26 AM
#4
There is a workaround (I should have posted this with the original post, but pardon me I had CISSP coming up in few days) ..
In the meantime, you can perform mitigation steps by disabling JavaScript in Reader and Acrobat:
Launch Acrobat or Adobe Reader.
Select Edit>Preferences
Select the JavaScript Category
Uncheck the ‘Enable Acrobat JavaScript’ option
Click OK
Links :
http://www.adobe.com/support/securit...apsa09-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1493
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
Similar Threads
-
By t34b4g5 in forum Security News
Replies: 0
Last Post: October 21st, 2008, 03:15 PM
-
By Computernerd22 in forum AntiOnline's General Chit Chat
Replies: 5
Last Post: September 22nd, 2005, 11:24 AM
-
By ZT3000 in forum General Computer Discussions
Replies: 1
Last Post: March 8th, 2005, 03:57 PM
-
By SDK in forum Miscellaneous Security Discussions
Replies: 0
Last Post: March 8th, 2004, 04:52 PM
-
By instronics in forum Microsoft Security Discussions
Replies: 0
Last Post: March 28th, 2003, 12:52 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|