[OPLINTECH] Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

Ron Woods woodsro at oplin.org
Thu Mar 5 09:27:06 EST 2009 

I didn't know if everyone was aware of this or note, but I guess Adobe
Reader and Acrobat Products are being effected by a Buffer Overflow Exploit.
It is still a way off before it will be patched.


In the Interim, disabling Acrobat JavaScript can mitigate the issue. Also,
If your Computer's Processor Supports it, you can enabled Hardware Based
DEP(Data Execution Prevention) On Windows XP/Vista/Ser 2003/Server 2008.


Here is an article from Microsoft showing how to enable DEP. By default, DEP
only runs for Windows program and services, not all applications on the
computer(though I do believe Server 2003 and Server 2008 opt-in to running
everything under DEP by default) but this article shows how to turn it on
for XP SP2 or later, the process is simliair for Vista


 <http://technet.microsoft.com/en-us/library/cc700810.aspx>
http://technet.microsoft.com/en-us/library/cc700810.aspx


This article goes more in-depth and teaches op-tin, opt-out, etc


 <http://support.microsoft.com/kb/875352>
http://support.microsoft.com/kb/875352


Just figured I'd pass the news along since this is being actively exploited
in the wild


I attached the Advisory from Adobe below.


Ron Woods

Computer Services Manager

St.Clairsville Public Library


__________________________________________________________________________


Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and
Acrobat 


Release date: February 19, 2009

Vulnerability identifier: APSA09-01

CVE number: CVE-2009-0658

Platform: All platforms


Summary


A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9
and earlier versions. This vulnerability would cause the application to
crash and could potentially allow an attacker to take control of the
affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve
the relevant security issue. Adobe expects to make available an update for
Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Adobe is planning to make
updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, available by March
18th. In the meantime, Adobe is in contact with anti-virus and security
vendors, including McAfee, Symantec and others, on this issue in order to
ensure the security of our mutual customers. More information on protection
for this issue from anti-virus and security vendors is now available on the
Adobe Product Security Incident <http://blogs.adobe.com/psirt/>  Response
Team blog. 

Reports have been published that disabling JavaScript in Adobe Reader and
Acrobat can protect users from this issue. Disabling JavaScript provides
protection against currently known attacks. However, the vulnerability is
not in the scripting engine and, therefore, disabling JavaScript does not
eliminate all risk. Should users choose to disable JavaScript, it can be
accomplished following the instructions below:

1.	Launch Acrobat or Adobe Reader. 
2.	Select Edit>Preferences 
3.	Select the JavaScript Category 
4.	Uncheck the 'Enable Acrobat JavaScript' option 
5.	Click OK 

A security bulletin will be published on
http://www.adobe.com/support/security
<http://www.adobe.com/support/security/>  as soon as product updates are
available.

All documented security vulnerabilities and their solutions are distributed
through the Adobe security notification service. You can sign up for the
service at the following URL:
http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert 


Affected software versions


Adobe Reader 9 and earlier versions
Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions


Severity rating


Adobe categorizes this as a critical
<http://www.adobe.com/devnet/security/security_zone/severity_ratings.html>
issue and recommends that users update their virus definitions and exercise
caution when opening files from untrusted sources.


Revisions


February 24, 2008 - Advisory updated
February 19, 2009 - Advisory first created

 

http://www.adobe.com/support/security/advisories/apsa09-01.html

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.oplin.org/pipermail/oplintech/attachments/20090305/d27ef278/attachment.html

More information about the OPLINTECH mailing list