Another zero day exploit targeting Adobe Reader

The machines we love to hate

Moderator: Wiz Feinberg

Wiz Feinberg
Posts: 6115
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA
State/Province: Michigan
Country: United States

Post by Wiz Feinberg »

Trend Micro (makers of PC-cillin) have identified a new PDF threat that uses the built-in JavaScript engine in Adobe Acrobat and Reader to download malicious files that open a backdoor on a Windows computer. All versions up to 9.1.3 are affected by this new "heap spray" exploit.

Adobe has indicated that it will include this vulnerability in its upcoming security update release. Meanwhile, users are advised to disable JavaScript in Adobe Acrobat/Reader to mitigate this attack. To do this, they should follow these steps:

1. Open Adobe Acrobat or Reader
2. Go to Edit > Preferences
3. Select JavaScript under the Categories tab
4. Uncheck “Enable Acrobat JavaScript”
5. Click OK.

I will post an update when the patch has been released to the public. In the meantime, if you don't mind losing some fancy functions when reading PDF files, just leave JavaScript disabled in Adobe Reader. This is at least the second attack exploiting this weakness in Adobe products this year. When Adobe finally fixes these heap spray attack vulnerabilities it may be safe to re-enable JavaScript.

"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
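
To complement the mitigation steps in the post above, this added example (not part of the original post, and not an Adobe or Trend Micro tool) counts the PDF name tokens that show a file carries embedded JavaScript or an automatic action, so such files can be set aside before opening. The function names and both sample byte strings are constructed for illustration.

```python
import re

# PDF name tokens: "/" followed by regular characters. "#xx" is a hex escape,
# so "/J#61vaScript" is the same name as "/JavaScript".
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names that mean the document carries script or runs an action automatically.
WATCHED = (b"JavaScript", b"JS", b"OpenAction", b"AA")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so obfuscated spellings compare equal."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf_bytes(data: bytes) -> dict:
    """Count watched names in the raw bytes of a PDF.

    Limitation: names inside compressed object streams are not seen, so a
    zero count here does not prove the file is script-free.
    """
    counts = {name.decode(): 0 for name in WATCHED}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in WATCHED:
            counts[name.decode()] += 1
    return counts


def has_script(data: bytes) -> bool:
    """True when the raw bytes reference a JavaScript action."""
    counts = scan_pdf_bytes(data)
    return counts["JavaScript"] > 0 or counts["JS"] > 0


# Constructed sample inputs (hypothetical, not taken from any real file).
SAMPLE_WITH_JS = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\);) >>\nendobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, scan_pdf_bytes(fh.read()))
```

Run it with one or more PDF paths as arguments; a non-zero `JavaScript` or `JS` count combined with `OpenAction` or `AA` means script would run on open if JavaScript were enabled in the reader.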
Bent Romnes
Posts: 5985
Joined: 28 Feb 2007 2:35 pm
Location: London,Ontario, Canada
State/Province: -
Country: United States

Post by Bent Romnes »

Wiz, thanks for staying on top of things and warning us with all these security issues. If it hadn't been for you we wouldn't have known about it.

I would like to say that you go way above and beyond the call of duty. Thanks again!
Michael Dene
Posts: 357
Joined: 9 Mar 2002 1:01 am
Location: Gippsland,Victoria, Australia
State/Province: -
Country: United States

Post by Michael Dene »

Wiz,

thanks from another very appreciative reader ....

20 years ago I was "well informed" on a lot of this stuff, .... now, I still am, but only 'cause you give us the heads up on stuff which otherwise I'd know nothing about!!!

:)
robert kramer
Posts: 2110
Joined: 27 Nov 1999 1:01 am
Location: Nashville TN
State/Province: -
Country: United States

Post by robert kramer »

Just disabled JavaScript. Thanks again Wiz.