a l e x f a l k e n b e r g » exploit http://www.alexfalkenberg.com We think it. We do it. Sun, 06 Mar 2011 08:30:42 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Adobe puts out workaround for Acrobat exploit http://www.alexfalkenberg.com/2007/10/13/adobe-puts-out-workaround-for-acrobat-exploit/ http://www.alexfalkenberg.com/2007/10/13/adobe-puts-out-workaround-for-acrobat-exploit/#comments Sat, 13 Oct 2007 12:08:04 +0000 Alex http://www.alexfalkenberg.com/2007/10/13/adobe-puts-out-workaround-for-acrobat-exploit/ Related Posts Adobe announces Thermo, PDFs can also be bad for you, Adobe AIR beta 2 is out]]> The exploit we’ve previously mentioned here only affects you if your setup matches the following:

Platform: Windows XP (Vista users are not affected) with Internet Explorer 7 installed

Affected Software Versions:

  • Adobe Reader 8.1 and earlier versions
  • Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions
  • Adobe Acrobat 3D

Adobe has finally provided a workaround, though it’s not terribly straightforward if you’re uncomfortable mucking about in the registry:

http://www.adobe.com/support/security/advisories/apsa07-04.html

They plan to eventually provide a more user-friendly solution. Until then, the exploit–while not known to be out in the wild yet–has the potential to be extremely damaging; applying Adobe’s workaround is strongly recommended while we wait for them to provide a proper, more-polished patch.

Related Posts

Adobe announces Thermo, PDFs can also be bad for you, Adobe AIR beta 2 is out]]> http://www.alexfalkenberg.com/2007/10/13/adobe-puts-out-workaround-for-acrobat-exploit/feed/ 0 PDFs can also be bad for you http://www.alexfalkenberg.com/2007/09/21/pdfs-can-also-be-bad-for-you/ http://www.alexfalkenberg.com/2007/09/21/pdfs-can-also-be-bad-for-you/#comments Fri, 21 Sep 2007 06:35:40 +0000 Alex http://www.alexfalkenberg.com/2007/09/21/pdfs-can-also-be-bad-for-you/ Related Posts Adobe puts out workaround for Acrobat exploit]]> Be careful out there.

A zero-day PDF vulnerability in Adobe’s Acrobat Reader has come to light that can lead to Windows boxes getting taken over completely and invisibly, according to a security researcher.

“All it takes is to open a [maliciously rigged] PDF document or stumble across a page which embeds one,” said researcher Petko D. Petkov, aka pdp, in a blog posting on Sept. 20.

[...]

Paul Henry, vice president of technology and evangelism at Secure Computing, based in San Jose, Calif., said in an interview with eWEEK that PDF vulnerabilities have a strong advantage when it comes to users being tempted into opening them, giving this vulnerability the potential to become a “huge” attack vector. “From a social engineering standpoint, it’s easier to attach a PDF to e-mail and assume [the target will] open it. If you’ve got a request to launch a video conversation from someone you never heard of, chances are you won’t do it. Or you won’t click on a video online if you don’t know where it’s from. But from a social engineering point of view, this is deeper.”

[...]

The scenario is that an attacker rigs a PDF file designed to exploit the flaw. He or she distributes it via e-mail or through other means, or hosts it on a Web page. When a user opens the rigged PDF file with a vulnerable application, the user’s machine can be loaded with malware that makes it open to a takeover.

[...]

“The ability to use PDFs to install malware and steal personal information from remote PCs is here,” he said in a statement. “Readers should be cautioned to only open PDF files from senders they explicitly trust.”

(Snippets from eWeek. Image from Adobe.)

Related Posts

Adobe puts out workaround for Acrobat exploit]]> http://www.alexfalkenberg.com/2007/09/21/pdfs-can-also-be-bad-for-you/feed/ 1