Adobe Flaw--Malicious PDFs

Adobe Flaw--Malicious PDFs Adobe Flaw Heightens Risk of Encountering Malicious PDFs

#1 buddy215

Forum Addict

Group: BC Advisor
Posts: 4,490
Joined: 14-April 06
Gender:Male
Location:West Tennessee

Posted 20 February 2009 - 10:02 AM

http://www.pcworld.com/article/159895/adob...tml?tk=rss_news
Read complete article in link above.

Adobe Flaw Heightens Risk of Encountering Malicious PDFs
Jeremy Kirk, IDG News Service

...The flaw affects version 9 of Reader and Acrobat as well as earlier versions, according to Adobe's advisory. A buffer overflow condition can be triggered by opening a specially-crafted PDF, which gives the attackers control of the computer. Shadowserver wrote that the flaw could be exploited on systems running Microsoft's Windows XP SP3.

Adobe called the flaw "critical," it's most severe rating, and said it will release a patch for Reader 9 and Acrobat 9 by March 11. The company said patches for version 8 of Reader and Acrobat will follow, then finally for version 7 of Reader and Acrobat.....

...There are a couple of defenses PC users can employ until the patch arrives. Users should not open PDFs from untrusted sources, Symantec said. Also, since the attack relies on JavaScript, users can disable that function in Acrobat and Reader, Shadowserver advised....

To disable JavaScript in Adobe Reader:
Open Adobe Reader
Click on Edit
Click on Preferences
Click on Java Script in Sidebar
Uncheck "Enable Acrobat Java Script"
Click OK

This post has been edited by buddy215: 20 February 2009 - 10:59 AM

#2 Guest_Jay-P VIP_*

Group: Guests

Posted 20 February 2009 - 03:40 PM

Ladies and Gentlemen, please stay updated with Adobe Reader.

To update Adobe Reader manually, go to the start menu and search for Adobe Reader. Any version you have, start the program.

When Adobe Reader Launches, click the Help menu at the top, then click Check for Updates.

Security updates are now ready for Adobe Reader as we speak!

This post has been edited by Jay-P VIP: 20 February 2009 - 03:41 PM

#3 Layback Bear

Forum Addict

Group: Members
Posts: 1,842
Joined: 12-September 06
Gender:Male
Location:Northern Ohio

Posted 21 February 2009 - 12:34 PM

Thank you for the information buddy215. I have done what you recommended. I also checked for updates as Jay-P VIP said. No update.

#4 bluesjunior

Distinguished Member

Group: Members
Posts: 712
Joined: 06-October 06

Posted 26 February 2009 - 05:55 AM

Hi,
I came across this post and decided to check the updates, found out there were and installed them. I have a couple of questions though. I very rarely use Adobe in fact I only use it to look at PDF files online so is it ok for me to uncheck the Java option or will the vulnerability be fixed now with the update?. Secondly I noticed when I clicked on the Internet setting in the sidebar I noticed that Internet speed was set at 56k which of course is the slowest speed and nowadays only used with dial up connections. As I have a 4MB fast ethernet broadband connection what should I set the speed at or is it a default and cannot be altered?.

Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.

#5 buddy215

Forum Addict

Group: BC Advisor
Posts: 4,490
Joined: 14-April 06
Gender:Male
Location:West Tennessee

Posted 26 February 2009 - 08:00 AM

Adobe has not released any updates/patches for the flaw mentioned in my first post.

http://www.adobe.com/support/security/advi.../apsa09-01.html
Reports have been published that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Should users choose to disable JavaScript, it can be accomplished following the instructions below:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

A security bulletin will be published on as soon as product updates are available.
http://www.adobe.com/support/security/
Bulletins and advisories for this month

APSB09-02 Updates available for RoboHelp and RoboHelp Server Cross-Site Scripting issues 2/24/2009
APSB09-01 Flash Player update available to address security vulnerabilities 2/24/2009
APSA09-01 Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat 2/19/2009

#6 CCRN396

Senior Member

Group: Members
Posts: 476
Joined: 21-July 08
Gender:Male

Posted 26 February 2009 - 10:59 AM

Grinler wrote a brief article covering this. You can find it here. In the reply section, another user suggested using Foxit Reader instead of Adobe as a way to stay secure. I'm currently trying that out on one of my machines. So far I have not had any issues with Foxit.

Avira Antivirus-Comodo Firewall-SUPERAntiSpyware Free-Malwarebytes Anti-Malware-Secunia Personal Software Inspector-Windowsupdate

#7 Guest_Jay-P VIP_*

Group: Guests

Posted 26 February 2009 - 02:43 PM

CCRN396 -- many of us have been bouncing from this topic to that topic. I totally agree. I just did the switch recently by removing Adobe Reader 9 (a pain to remove) and replacing that with Foxit Reader. Make sure if you would like to use Foxit Reader, uninstall Adobe Reader first before installing Foxit reader -- or else Foxit Reader will lock the Registry keys.

The Registry Keys are located in HKLM -- based around Classes .pdf and in Software>CurrentVersion>Run.
These are not the full registry keys, just referenced. :thumbsup: