funsec mailing list archives

Re: Adobe 0-day in the wild

From: nick hatch <nicholas.hatch () gmail com>
Date: Sat, 21 Feb 2009 11:47:20 -0800

On Sat, Feb 21, 2009 at 9:06 AM, John LaCour <john () johnlacour com> wrote:

And there's very little information about how to mitigate the attack
without
a patch.

By disabling Javascript in the Reader, you can prevent the known attacks.
The actual vuln isn't in Acrobat javascript - that's just leveraged for
heap
spraying.

This workaround is utterly unfeasible for some businesses. At $dayjob, we
have systems which autogenerate PDF forms, and it turns out they use
javascript. I get the impression this is common.

Adding insult to injury, the vendors which support these systems don't
support Adobe 9 yet, so we're on 8. Adobe 8 gets its fix to "follow soon
after" the March 11th date for Adobe 9.

Our current mitigation strategy is begging our users to be safe. Ugh.

-Nick

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Adobe 0-day in the wild Juha-Matti Laurio (Feb 20)
- Re: Adobe 0-day in the wild Paul Ferguson (Feb 20)
- Re: Adobe 0-day in the wild John LaCour (Feb 21)
  - Re: Adobe 0-day in the wild nick hatch (Feb 21)
    - Re: Adobe 0-day in the wild Rich Kulawiec (Feb 21)
    - Re: Adobe 0-day in the wild Alex Eckelberry (Feb 21)
    - Re: Adobe 0-day in the wild Axel Pettinger (Mar 04)
- Re: Adobe 0-day in the wild Jon Kibler (Feb 22)
  - Re: Adobe 0-day in the wild rackow (Feb 23)
    - Re: Adobe 0-day in the wild nick hatch (Feb 23)
    - Re: Adobe 0-day in the wild Dragos Ruiu (Feb 23)
    - Re: Adobe 0-day in the wild Charles Miller (Feb 23)
    - Re: Adobe 0-day in the wild nick hatch (Feb 23)
    - Re: Adobe 0-day in the wild Dragos Ruiu (Feb 23)

(Thread continues...)