Adobe Flaw--Malicious PDFs


6 replies to this topic

#1 buddy215


Posted 20 February 2009 - 10:02 AM

http://www.pcworld.com/article/159895/adob...tml?tk=rss_news
Read complete article in link above.

Adobe Flaw Heightens Risk of Encountering Malicious PDFs
Jeremy Kirk, IDG News Service

...The flaw affects version 9 of Reader and Acrobat as well as earlier versions, according to Adobe's advisory. A buffer overflow condition can be triggered by opening a specially-crafted PDF, which gives the attackers control of the computer. Shadowserver wrote that the flaw could be exploited on systems running Microsoft's Windows XP SP3.

Adobe called the flaw "critical," its most severe rating, and said it will release a patch for Reader 9 and Acrobat 9 by March 11. The company said patches for version 8 of Reader and Acrobat will follow, then finally for version 7 of Reader and Acrobat.....

...There are a couple of defenses PC users can employ until the patch arrives. Users should not open PDFs from untrusted sources, Symantec said. Also, since the attack relies on JavaScript, users can disable that function in Acrobat and Reader, Shadowserver advised....


To disable JavaScript in Adobe Reader:
1. Open Adobe Reader
2. Click on Edit
3. Click on Preferences
4. Click on JavaScript in the sidebar
5. Uncheck "Enable Acrobat JavaScript"
6. Click OK

Edited by buddy215, 20 February 2009 - 10:59 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
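Added example, not part of the original thread or of any Adobe tooling: the article quoted above says the attack relies on JavaScript, so this sketch triages a PDF's raw bytes for script and auto-run name keys before anyone opens it, decoding `#xx` hex escapes that would hide those names from a plain text search. The function names and sample byte strings are constructed for illustration.

```python
import re

# PDF name keys worth flagging before a file is opened.
WATCH = {"JS": "script", "JavaScript": "script",   # embedded script
         "OpenAction": "auto", "AA": "auto",       # runs on open / on events
         "ObjStm": "hidden"}                       # compressed objects: scan is blind

# A PDF name is "/" followed by anything except whitespace and delimiters.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so J#61vaScript is read as JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage(pdf: bytes) -> dict:
    """Count watched names in raw PDF bytes and return a handling verdict."""
    hits = {"script": 0, "auto": 0, "hidden": 0}
    obfuscated = False
    for m in _NAME.finditer(pdf):
        kind = WATCH.get(decode_name(m.group(1)))
        if kind:
            hits[kind] += 1
            obfuscated |= b"#" in m.group(1)   # watched name was hex-escaped
    if hits["script"]:
        verdict = "hold: script present"
    elif hits["auto"] or hits["hidden"]:
        verdict = "review: auto-action or compressed objects"
    else:
        # Not a clean bill of health: only means no script markers were seen.
        verdict = "no script markers"
    return {"hits": hits, "obfuscated": obfuscated, "verdict": verdict}


# Constructed samples (not real documents).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPT = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                 b"3 0 obj\n<< /S /J#61vaScript /J#53 (0;) >>\nendobj\n")
SAMPLE_OBJSTM = b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /N 2 /First 10 >>\nendobj\n"

if __name__ == "__main__":
    for label, data in [("plain", SAMPLE_PLAIN), ("script", SAMPLE_SCRIPT),
                        ("objstm", SAMPLE_OBJSTM)]:
        print(label, triage(data))
```

A "no script markers" result only says the file carries no visible script; it says nothing about the parser flaw itself.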

#2 Guest_Jay-P VIP_*


Posted 20 February 2009 - 03:40 PM

Ladies and Gentlemen, please stay updated with Adobe Reader.

To update Adobe Reader manually, go to the start menu and search for Adobe Reader. Any version you have, start the program.

When Adobe Reader launches, click the Help menu at the top, then click Check for Updates.

Security updates are now ready for Adobe Reader as we speak!

Edited by Jay-P VIP, 20 February 2009 - 03:41 PM.


#3 Layback Bear


Posted 21 February 2009 - 12:34 PM

Thank you for the information buddy215. I have done what you recommended. I also checked for updates as Jay-P VIP said. No update.

#4 bluesjunior


Posted 26 February 2009 - 05:55 AM

Hi,
I came across this post and decided to check the updates, found out there were some, and installed them. I have a couple of questions, though. I very rarely use Adobe; in fact, I only use it to look at PDF files online, so is it OK for me to uncheck the Java option, or will the vulnerability be fixed now with the update? Secondly, when I clicked on the Internet setting in the sidebar, I noticed that Internet speed was set at 56k, which of course is the slowest speed and nowadays only used with dial-up connections. As I have a 4MB fast ethernet broadband connection, what should I set the speed at, or is it a default and cannot be altered?

#5 buddy215


Posted 26 February 2009 - 08:00 AM

Adobe has not released any updates/patches for the flaw mentioned in my first post.

http://www.adobe.com/support/security/advi.../apsa09-01.html
Reports have been published that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Should users choose to disable JavaScript, it can be accomplished following the instructions below:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

A security bulletin will be published on as soon as product updates are available.
http://www.adobe.com/support/security/
Bulletins and advisories for this month

  • APSB09-02 - Updates available for RoboHelp and RoboHelp Server Cross-Site Scripting issues - 2/24/2009
  • APSB09-01 - Flash Player update available to address security vulnerabilities - 2/24/2009
  • APSA09-01 - Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat - 2/19/2009

#6 CCRN396


Posted 26 February 2009 - 10:59 AM

Grinler wrote a brief article covering this. You can find it here. In the reply section, another user suggested using Foxit Reader instead of Adobe as a way to stay secure. I'm currently trying that out on one of my machines. So far I have not had any issues with Foxit.

#7 Guest_Jay-P VIP_*


Posted 26 February 2009 - 02:43 PM

CCRN396 -- many of us have been bouncing from this topic to that topic. I totally agree. I just did the switch recently by removing Adobe Reader 9 (a pain to remove) and replacing that with Foxit Reader. If you would like to use Foxit Reader, make sure to uninstall Adobe Reader first before installing Foxit Reader -- or else Foxit Reader will lock the Registry keys.

The Registry keys are located in HKLM -- based around Classes .pdf and in Software>CurrentVersion>Run.
These are not the full registry keys, just referenced.



