February 21, 2009

Adobe 0-day being exploited

Multiple reports are circulating about attacks actively exploiting an unpatched (0-day) vulnerability in Adobe products. It affects just about all recent versions of Acrobat Reader and Adobe Acrobat, including v7, v8, and v9, and the issue appears to be a buffer overflow in the PDF JavaScript processor. JavaScript is allowed and enabled by default. The workaround is to disable the JavaScript functionality in the Adobe products.

Additional reports suggest that this exploit may have been around as long ago as December 2008.

Adobe has released a bulletin and reports that it will release a patch around March 11. I would recommend applying the workaround of disabling JavaScript until the patch is released.

Remediation:
* Change the registry value "bEnableJS" to "0" under each of these keys:
  * HKCU\Software\Adobe\Acrobat Reader\8.0\JSPrefs
  * HKCU\Software\Adobe\Adobe Reader\8.0\JSPrefs
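
The following PowerShell sketch is an added example, not part of the original post or Adobe's bulletin: it audits the bEnableJS value for the current user and, with -Apply, sets it to 0. It starts from the two parent keys listed above and enumerates the version subkeys under them instead of hard-coding 8.0, which is an assumption beyond the paths the post gives.

```powershell
# Added example: audit (default) or apply (-Apply) the bEnableJS=0 workaround.
# Parent keys come from the post; enumerating version subkeys (7.0, 8.0, 9.0)
# under them is an assumption, since the post only lists the 8.0 paths.
param([switch]$Apply)

$parents = @(
    'HKCU:\Software\Adobe\Acrobat Reader',
    'HKCU:\Software\Adobe\Adobe Reader'
)

function Get-JsFlag([string]$Path) {
    # Returns the DWORD value, or $null when the key or value is absent.
    if (-not (Test-Path $Path)) { return $null }
    (Get-ItemProperty -Path $Path -Name bEnableJS -ErrorAction SilentlyContinue).bEnableJS
}

foreach ($parent in $parents) {
    if (-not (Test-Path $parent)) { continue }

    foreach ($ver in Get-ChildItem -Path $parent) {
        # Only subkeys that look like a product version, e.g. "8.0".
        if ($ver.PSChildName -notmatch '^\d+\.\d+$') { continue }

        $jsPrefs = Join-Path $ver.PSPath 'JSPrefs'
        $before  = Get-JsFlag $jsPrefs

        # An absent value counts as enabled: JavaScript is on by default.
        if ($Apply -and $before -ne 0) {
            if (-not (Test-Path $jsPrefs)) { New-Item -Path $jsPrefs -Force | Out-Null }
            New-ItemProperty -Path $jsPrefs -Name bEnableJS -Value 0 `
                -PropertyType DWord -Force | Out-Null
        }

        $after = Get-JsFlag $jsPrefs
        [pscustomobject]@{
            Product    = Split-Path $parent -Leaf
            Version    = $ver.PSChildName
            Before     = if ($null -eq $before) { 'absent' } else { $before }
            After      = if ($null -eq $after)  { 'absent' } else { $after }
            JavaScript = if ($after -eq 0) { 'disabled' } else { 'ENABLED' }
        }
    }
}
```

Because the keys are under HKCU, the change covers only the account that runs the script, so it has to run in each user's session (for example from a logon script) to cover everyone on a shared machine.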
