Re: Adobe 0-day in the wild

[Axel Pettinger <Axel.Pettinger () t-online de>]

nick hatch wrote:
> On Sat, Feb 21, 2009 at 9:06 AM, John LaCour <john () johnlacour com> 
> wrote:
>
>      And there's very little information about how to mitigate the 
>      attack without a patch.
>
>      By disabling Javascript in the Reader, you can prevent the known 
>      attacks. The actual vuln isn't in Acrobat javascript - that's 
>      just leveraged for heap spraying.
>
> This workaround is utterly unfeasible for some businesses. At $dayjob, 
> we have systems which autogenerate PDF forms, and it turns out they 
> use javascript. I get the impression this is common.
>
> Adding insult to injury, the vendors which support these systems don't 
> support Adobe 9 yet, so we're on 8. Adobe 8 gets its fix to "follow 
> soon after" the March 11th date for Adobe 9.
>
> Our current mitigation strategy is begging our users to be safe. Ugh.

Not sure whether this helps, but Symantec mentiones that "Enabling DEP 
for Adobe Reader will also help prevent this type of attack."

https://forums.symantec.com/t5/blogs/blogarticlepage/blog-id/vulnerabilities_exploits/article-id/188

Regards,
Axel Pettinger
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.