funsec mailing list archives
Re: Adobe 0-day in the wild
From: nick hatch <nicholas.hatch () gmail com>
Date: Sat, 21 Feb 2009 11:47:20 -0800
On Sat, Feb 21, 2009 at 9:06 AM, John LaCour <john () johnlacour com> wrote:

> And there's very little information about how to mitigate the attack without a patch. By disabling JavaScript in the Reader, you can prevent the known attacks. The actual vuln isn't in Acrobat JavaScript - that's just leveraged for heap spraying.

This workaround is utterly unfeasible for some businesses. At $dayjob, we have systems which autogenerate PDF forms, and it turns out they use JavaScript. I get the impression this is common.

Adding insult to injury, the vendors which support these systems don't support Adobe 9 yet, so we're on 8. Adobe 8 gets its fix to "follow soon after" the March 11th date for Adobe 9.

Our current mitigation strategy is begging our users to be safe. Ugh.

-Nick
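
Whether the JavaScript workaround discussed in this message is workable depends on which documents in a workflow actually carry script. The following is an added example, not part of the original post or any vendor tooling: a heuristic Python inventory scan that goes slightly beyond the text by also reporting auto-trigger names; the function names and the sample document are constructed for illustration.

```python
import re
import zlib

SCRIPT_NAMES = {b"/JS", b"/JavaScript"}    # script payload / action type
TRIGGER_NAMES = {b"/OpenAction", b"/AA"}   # actions that fire without a click
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def _names(data):
    """Collect PDF name tokens, undoing #xx escapes so /J#53 reads as /JS."""
    unescape = lambda m: bytes([int(m.group(1), 16)])
    return {re.sub(rb"#([0-9A-Fa-f]{2})", unescape, t) for t in NAME_RE.findall(data)}

def triage_pdf(data):
    """Report script and auto-trigger names in a PDF given as bytes."""
    found = _names(data)
    for m in STREAM_RE.finditer(data):
        try:
            # Best effort: only Flate-compressed streams are inflated.
            found |= _names(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    return {
        "javascript": sorted(n.decode() for n in found & SCRIPT_NAMES),
        "auto_trigger": sorted(n.decode() for n in found & TRIGGER_NAMES),
    }

# Constructed sample: a script action stored in a compressed stream with
# hex-escaped names, in a document whose catalog has an /OpenAction entry.
SAMPLE = (
    b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /J#61vaScript /J#53 (calcTotal\\(\\);) >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

This is a triage heuristic: it does not decrypt encrypted PDFs or decode filters other than Flate, so an empty result is not proof that a file is script-free.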