Thread: *Heads up* Adobe Vulnerability Exploited in Targeted Attacks

  1. #1

    *Heads up* Adobe Vulnerability Exploited in Targeted Attacks

    I'm just going to copy-paste here... (3:40 in the morning, tired; studying for CCIE - Security, written)

    From ISC


    Adobe's PSIRT (Product Security Incident Response Team) published a new blog post today [1]. The post reveals that a critical vulnerability, CVE-2009-3459, is now being exploited in the wild in targeted attacks. The vulnerability affects Adobe 9.1.3 on Windows, Unix and OS X. However, the exploits have been limited to Windows so far.

    An update scheduled to be released on Oct 13th should fix the problem. Until then, Windows users are advised to enable DEP. Anti malware vendors have been informed by Adobe.

    This vulnerability does not require JavaScript. If you disabled JavaScript in the past, it will not protect you in this case. Another workaround I found helpful: You can "clean" PDF documents by first converting them into another format (like PostScript) and then back into PDF. However, this is not 100% certain to remove the exploit and you may infect the machine that does the conversion as it will likely still use the vulnerable libraries to convert the document. But the likelihood of this happening is quite low.
    http://blogs.adobe.com/psirt/2009/10...t_issue_1.html
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    I read this just as I was going to shut down:

    Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #3
    CybertecOne (Keeping The Balance; Join Date: Aug 2004; Location: Australia; Posts: 660)

    Crap..... I just spent 7 hours installing new Adobe products for a client and ensuring they were all updated to 9.1.3 ........ This included Adobe Reader 9.1.3 on EVERY computer plus various Adobe retail products such as creator and acrobat.

    Of course, the silver lining is now I can charge for preventing yet another security exploit *sigh* I love my job...

    Hopefully the issue will get resolved in their next update release.... otherwise it simply leaves a larger timeframe for more potential damage to be done.
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein
