«
»

Another Adobe Acrobat Reader 0-Day Exploit

Posted by chris on Thursday, January 7, 2010 – 4:13 AM      
Filed under 0day, adobe, malware, patch, security
Tagged as

Here we go again. This isn’t news hot off the press, but I decided I should post about it here just in case some of you have missed it. There has been another Adobe Acrobat Reader exploit, CVE 2009-4324. Since it was first disclosed back in the middle of December, it has grown even nastier. The Internet Storm Center over at sans.org has a good analysis of one of the current variants.

There are still a couple days before Adobe releases a patch, which will finally be released on Jan 12. Adobe suggests you disable Java support until then. This is not the first time this has happened. What I’m suggesting is that even after this is patched, just keep Java disabled. If you open a PDF file that requires Java support, you could always turn it back on. With so many exploits in the wild, and how long it takes for the anti virus vendors to discover them, this one won’t be fixed for almost a month since it was first disclosed publicly, it’s better safe than sorry. Just disable Java support for good. Here’s how to disable Java support in Adobe Acrobat Reader

quoted from Adobe.com

SOLUTION

Customers using Adobe Reader or Acrobat versions 9.2 or 8.1.7 can utilize the JavaScript Blacklist Framework to prevent this vulnerability. Please refer to the TechNote for more information.

Customers who are not able to utilize the JavaScript Blacklist functionality can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

Customers using Microsoft DEP (“Data Execution Prevention”) functionality available in certain versions of Microsoft Windows are at reduced risk in the following configurations:

All versions of Adobe Reader 9 running on Windows Vista SP1 or Windows 7
Acrobat 9.2 running on Windows Vista SP1 or Windows 7
Acrobat and Adobe Reader 9.2 running on Windows XP SP3
Acrobat and Adobe Reader 8.1.7 running on Windows XP SP3, Windows Vista SP1, or Windows 7
With the DEP mitigation in place, the impact of this exploit has been reduced to a Denial of Service during our testing.

Watch your docs and surf safe

Comments RSS Feed   Post a comment   Trackback URL   Share on Twitter   Share on Facebook

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*