Adobe Reader Exploit in the Wild

Hi All,

Just passing this info on. I just read on The Register that fully updated and patched Adobe Reader applications running on fully patched Windows systems are vulnerable to a new exploit. The original info from the Reg. article is at Shadow Server but Adobe fully recognizes the Vulnerability here. More info from US-CERT here.

Apparently, this exploit leverages a known vulnerability in the way MS Windows XP/2003 handles URIs. Using that vulnerability, it is possible to open a trojaned pdf file and have your PC injected with arbitrary commands.

The "Fix" stated in that article is to disable Acrobat Javascript (We all have Javascript off already right???). I can assume (but have not tested) that the Firefox NoScript add-on can save you from this. Adobe, on the other hand, "strongly recommends" updating to 8.1.1 of the Adobe Acrobat (Reader) application.

Here is a quote from pdp of GNUCitizen (credited with the find)
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows

I am closing the season with the following HIGH Risk vulnerability:
Adobe Acrobat/Reader PDF documents can be used to compromise your
Windows box. Completely!!! Invisibly and unwillingly!!! All it takes
is to open a PDF document or stumble across a page which embeds one.

The issue is quite critical given the fact that PDF documents are in
the core of today's modern business. This and the fact that it may
take a while for Adobe to fix their closed source product, are the
reasons why I am not going to publish any POCs. You have to take my
word for it. The POCs will be released when an update is available.

Adobe's representatives can contact me from the usual place. My advise
for you is not to open any PDF files (locally or remotely). Other PDF
viewers might be vulnerable too. The issues was verified on Windows XP
SP2 with the latest Adobe Reader 8.1, although previous versions and
other setups are also affected.

A formal summary and conclusion of the GNUCITIZEN bug hunt to be expected soon.

cheers

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org



-Tim
Posted on 12:22 AM by Tim Cronin and filed under , , | 5 Comments »

5 comments:

Anonymous said... @ November 8, 2009 at 9:22 PM

generic soft tab viagra does watermelon have viagra effect ship free viagra sample viagra from india viagra sample super viagra pro cheap cheap viagra viagra patent viagra rrp australia cost cheapest viagra in uk natural herbs used as viagra viagra shelf life viagra or cealis viagra online uk

Anonymous said... @ July 5, 2010 at 11:11 AM

[u]hi all, i found this website and wonder if anyone purchased cookbook software from them ?[/u]

Anonymous said... @ January 31, 2013 at 7:32 PM

top [url=http://www.001casino.com/]001[/url] brake the latest [url=http://www.casinolasvegass.com/]casino games[/url] unshackled no consign reward at the chief [url=http://www.baywatchcasino.com/]no lay reward
[/url].

Anonymous said... @ March 29, 2013 at 2:59 PM

mexdwertydutt xaikalitag unotsunuctusy [url=http://uillumaror.com]iziananatt[/url] Immorrobe http://gusannghor.com Wamndwedgeges

Unknown said... @ March 22, 2014 at 5:35 AM

Thanks for the post showing us how to post a link in a comment. It has been coming in very useful.

Adobe Support