Hosted Environments
Zero Day Adobe Reader Vulnerability Makes PDF Files Dangerous

Mon, 23rd February, 2009 - Posted by Administration

Severity: High
20 February, 2009

Summary:
This vulnerability affects: Adobe Reader and Acrobat 9 and earlier, on Windows, Mac, and *nix computers
How an attacker exploits it: By enticing your users into viewing a maliciously crafted PDF document
Impact: An attacker can execute code on your computer, potentially gaining control of it
What to do: Implement the workarounds described in the Solutions section of this alert

Exposure:
Late yesterday, both the Shadowserver Foundation and Adobe warned of a critical, unpatched buffer overflow vulnerability that affects Adobe Reader and Acrobat 9 (and potentially all earlier versions) on any platform that can run them. The Shadowserver Foundation first discovered attackers actively exploiting this new vulnerability in the wild. Because Adobe only just learned about the flaw, its advisory does not describe it in much detail; it only describes how attackers exploit it. By enticing one of your users into downloading and opening a malicious PDF document, an attacker could exploit this unpatched buffer overflow vulnerability to execute code on that user’s computer, with that user’s privileges. If the user is a local administrator, the attacker would gain complete control of that user’s machine.

Since attackers are actively exploiting this vulnerability in the wild and Adobe hasn’t had time to patch it yet, this flaw poses a serious risk to Adobe Reader users. According to their advisory, Adobe plans to release a patch for this vulnerability on Wednesday, March 11. Until then, we recommend you implement the workarounds described below to mitigate the risk of this dangerous zero day attack.

Solution Path
Adobe has not had time to release a patch for this zero day vulnerability. However, the workarounds described below should mitigate the risk of attacks currently circulating in the wild.

Please remain wary of unsolicited PDF documents arriving via email. Unless you absolutely need the document and trust the entity it came from, you should avoid opening it until the patch for Adobe Reader is released.

We use Enterprise antivirus (AV) software and make sure that it’s up to date. Some AV companies already have signatures for these malicious PDF files. Other AV companies will surely follow.

Disable JavaScript in Adobe Reader. According to Shadowserver, disabling JavaScript in Adobe Reader prevents the current exploits from installing malware on your system. The Reader may still crash, but the actual attack will not succeed. To disable JavaScript in Adobe Reader, click Edit => Preferences => JavaScript and then uncheck Enable Acrobat JavaScript. Keep in mind, this prevents JavaScript from running in legitimate PDF documents as well.
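Because the current exploits depend on JavaScript, a mail or file gateway can hold back PDFs that declare script until the patch ships. The sketch below is an added example, not code from this alert, Shadowserver or Adobe; the function names are hypothetical and both sample documents are constructed. It counts script-related PDF names in the raw bytes and decodes `#xx` hex escapes so an obfuscated `/J#61vaScript` is still recognized.

```python
import re

# PDF name tokens that signal embedded script or an action run on open.
WATCHED = ("/JS", "/JavaScript", "/OpenAction", "/AA")

# A PDF name: "/" then regular characters or #xx hex escapes.
NAME_RE = re.compile(rb"/(?:[^\x00\t\n\f\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+")

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is read as /JavaScript."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def pdf_script_indicators(data: bytes) -> dict:
    """Count watched names in the raw bytes of a PDF.

    Object streams are not inflated here, so a zero count does not
    prove the file carries no script.
    """
    counts = {name: 0 for name in WATCHED}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def should_quarantine(data: bytes) -> bool:
    """Hold PDFs that declare JavaScript; ignore files without a PDF header."""
    if not data.lstrip().startswith(b"%PDF-"):
        return False
    counts = pdf_script_indicators(data)
    return counts["/JS"] > 0 or counts["/JavaScript"] > 0

# Constructed samples (not real-world files).
SAMPLE_SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\n"
                   b"endobj\n2 0 obj\n<< /S /J#61vaScript /JS (app.alert(0);) >>\n"
                   b"endobj\n%%EOF\n")
SAMPLE_PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
                b"/Note /JSON >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, blob in (("scripted", SAMPLE_SCRIPTED), ("plain", SAMPLE_PLAIN)):
        print(label, pdf_script_indicators(blob), should_quarantine(blob))
```

Legitimate PDF forms also use JavaScript, so treat a hit as a reason to hold the file for review, the same trade-off as disabling JavaScript in the Reader itself.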

We will update this alert when Adobe releases a patch on March 11.

Category : Security