Quote: A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow. No further information is available.
Successful exploitation allows execution of arbitrary code.
NOTE: Reportedly, the vulnerability is currently being actively exploited.
Extremely critical
http://secunia.com/advisories/33901/
Adobe Security Advisory: http://www.adobe.com/support/security/advisories/apsa09-01.html
From US-CERT: http://www.us-cert.gov/current/index.html#adobe_releases_security_bulletin_for1
Quote: US-CERT encourages users to take the following actions to help mitigate the risks:
* Review Adobe Security Bulletin APSA09-01.
* Review US-CERT Vulnerability Note VU#905281.
* Review US-CERT Technical Cyber Security Alert TA09-051A.
* Disable JavaScript in Adobe Reader and Acrobat. Acrobat JavaScript can be disabled in the General preferences dialog (Edit, Preferences, JavaScript, and un-check "Enable Acrobat JavaScript").
* Prevent Internet Explorer from automatically opening PDF documents.
* Disable the displaying of PDF documents in the web browser. This can be disabled in the General preferences dialog (Edit, Preferences, Internet, and un-check "Display PDF in browser").
* Use caution when opening untrusted PDF files.
* Install antivirus software, and keep virus signatures up to date.
US-CERT will provide additional information as it becomes available.
If you're a WinPatrol user, click on the ActiveX tab and sort by company name to find your Adobe components. Select the Acrobat reader and click on Disable.
It has now been shown that disabling JavaScript is not sufficient to mitigate this threat; please see http://secunia.com/blog/44/
Until Adobe Reader gets rid of its birdie flu, it is maybe a good idea to use another PDF reader, e.g. PDF-XCHANGE VIEWER (http://www.docu-track.com/home/prod_user/PDF-XChange_Tools/pdfx_viewer)
Thank you, stealthzone. I take it that, unlike Foxit, there is no unexpected add-on with PDF-XCHANGE VIEWER.
(Re Foxit: http://securitygarden.blogspot.com/2009/02/beware-foxit-reader-includes-asktoolbar.html )
Hi Corrine
After I posted my latest writeup, I made your blog and saw that ASK toolbar comes with Foxit, I had to alert GR@PH;<'S so he could make a lil change for me ;) . Thanks GR@PH;<'S :)
That explains the change. Thanks for reading my blog. :)
stealthzone,
Quote: Thanks GR@PH;<'S
You're welcome :goodie:
@ Corrine, you mean there are still people that do not read your Securitygarden (http://securitygarden.blogspot.com/2009/02/beware-foxit-reader-includes-asktoolbar.html) blog :tease:
GR@PH;<'S :Hammys pint:
Update:
Quote: "With Adobe's patch for the current PDF vulnerability still some time away, news has emerged of more techniques that are available to exploit the vulnerability, this time without needing the victim to actually open a malicious file. Instead, the methods make use of a Windows Explorer Shell Extension that is installed alongside Adobe Reader, and which will trigger the exploitable code when the file is interacted with in Windows Explorer. Methods have been demonstrated of successful exploitation with a single click, with thumbnail view, and with merely hovering the mouse cursor over the affected file. There are many ways that exploits targeting the JBIG2 vulnerability could be hidden inside a PDF file, and it seems that the reliability of detection for these varying methods is spotty, at best."
http://it.slashdot.org/article.pl?sid=09/03/05/1328244
More about the issue here:
http://www.beskerming.com/commentary/2009/03/05/430/An_Interesting_Result_for_JBIG2_PDF_Vulnerability
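Added example, not part of any post in this thread and not code from Adobe, US-CERT or Secunia: a small triage scan that counts the PDF names relevant to the advisories above (the JBIG2 image filter and the JavaScript entries), decoding `#xx` name escapes so that a spelling such as `/JBIG#32Decode` is still counted. The watched-name list and the sample bytes are constructed for illustration; names stored inside compressed streams are not visible to a raw scan, so a hit means "review this file", not a verdict.

```python
import re
import sys

# PDF names of interest for this thread: the JBIG2 filter (CVE-2009-0658)
# and the JavaScript/auto-run entries. The list is an assumption of this example.
WATCHED = ("JBIG2Decode", "JavaScript", "JS", "OpenAction", "AA")

# A PDF name is "/" followed by characters that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: harmless bytes that only carry the names being counted.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Filter /JBIG#32Decode /Length 0 >>\nstream\n\nendstream endobj\n"
    b"3 0 obj << /S /JavaScript /JS (;) >> endobj\n"
)


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /JBIG#32Decode compares equal to /JBIG2Decode."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and how many were hex-escaped."""
    counts = {name: 0 for name in WATCHED}
    escaped_hits = 0
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                escaped_hits += 1  # an escaped spelling of a watched name
    hot = counts["JBIG2Decode"] + counts["JS"] + counts["JavaScript"]
    return {"counts": counts, "escaped_hits": escaped_hits, "review": hot > 0}


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage_pdf(fh.read()))
```
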
Finally updated!
Security Updates available for Adobe Reader and Acrobat (http://www.adobe.com/support/security/bulletins/apsb09-04.html)
Release date: March 18, 2009
Vulnerability identifier: APSB09-04
CVE number: CVE-2009-0658, CVE-2009-0927
Platform: Windows and Macintosh
Summary
Critical vulnerabilities have been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that one of these issues is being exploited (CVE-2009-0658).
Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can't update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.
These updates resolve the issue from Security Advisory APSA09-01 (http://www.adobe.com/go/apsa09-01) and Security Bulletin APSB09-03 (http://www.adobe.com/go/apsb09-03/). Users who have previously updated to Adobe Reader 9.1 and Acrobat 9.1 for Windows and Macintosh need not take any action. Adobe now plans to make available Adobe Reader 9.1 and Adobe Reader 8.1.4 for Unix by March 24.
Update to Adobe Reader 9.1, available here: http://get.adobe.com/reader/
Adobe Product Security Incident Response Team (PSIRT): Adobe Reader Issue Update (http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html)
Quote: A Security Advisory has been posted in regards to the Adobe Reader vulnerability last mentioned in the Adobe PSIRT blog on April 28 ("Update to Adobe Reader Issue", CVE-2009-1492). We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009. Adobe plans to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X.
Additionally, we have confirmed the second vulnerability (CVE-2009-1493) for Adobe Reader for Unix (first mentioned in our April 28 post). This issue will be resolved in the upcoming Adobe Reader for Unix updates. Currently, we have not been able to reproduce an exploitable scenario for Windows and Macintosh, but we will continue to investigate.
In the meantime, to mitigate both issues disable JavaScript in Adobe Reader and Acrobat using the following instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK
Adobe is in contact with Antivirus and Security vendors regarding both of these issues in order to ensure the security of our mutual customers.
We will continue to provide updates on these issues via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.
This posting is provided "AS IS" with no warranties and confers no rights.
It has been strongly recommended by members of the security community that consideration be given to an alternative reader. See http://pdfreaders.org/
(Note: Foxit PDF Reader is not recommended as it includes the Ask Toolbar and eBay desktop shortcut. It has been reported that there is reduced functionality when those add-ons are not included.)