New zero-day JavaScript exploit targets Adobe Reader
New zero-day JavaScript exploit targets Adobe Reader
04/29/2009:
Adobe Systems Inc. confirmed on Tuesday, April 28, 2009, that it is investigating reports that its popular PDF viewing software, Adobe Reader, contains another critical vulnerability.
A hacker using the handle "Arr1val" has discovered and published two zero day exploitable vulnerabilities in the Adobe Reader and Acrobat. Both of them make it possible for an attacker to execute arbitrary code on systems with the affected products installed, by tricking users into opening a maliciously crafted PDF file. He tested them first using Linux, on Adobe Readers 8.14 and 9.1, which are the most recent versions. Later on he retested it using Windows and Mac computers are found the same vulnerability exists under those platforms. Interestingly, Adobe only recently released those versions to fix several other critical vulnerabilities in its Reader and Acrobat programs.
The new bug was first disclosed Monday (4/27/09) on the SecurityFocus website, which published advisory 34736 containing a link to proof-of-concept attack code. The advisory is titled: "Adobe Reader 'getAnnots()' JavaScript Function Remote Code Execution Vulnerability." An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application, according to the advisory.
According to Adobe, all versions of their Reader, even the most up-to-date versions, Reader 9.1 and Reader 8.1.4, are vulnerable. The affected platforms include at least Windows, Mac and Linux and Unix.
This information has been posted on the Adobe website, by the Adobe Product Security Incident Response Team (PSIRT), in an article titled: Update on Adobe Reader Issue
"This is an update on the Adobe Reader vulnerability first discussed on the Adobe PSIRT blog on April 27 (“Potential Adobe Reader Issueâ€). All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all supported versions for all platforms (Windows, Macintosh and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue. To mitigate the issue disable JavaScript in Adobe Reader and Acrobat using the following instructions below:"
- Launch Acrobat or Adobe Reader.
- Select Edit>Preferences
- Select the JavaScript Category
- Uncheck the ‘Enable Acrobat JavaScript’ option
- Click OK
Adobe will continue to provide updates on these issues via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.
I will publish additional details as they become available. You should also check the Adobe website and blog for updates and use the built-in Check for Updates function found under the Help menu, on all current versions of Adobe Reader.
Note, that users who operate with less that Administrator privileges would be less impacted if they came upon or were lured to a website containing exploit codes for this vulnerability, or any other.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.