New Acrobat 0 day exploit!

[Chiefcrowe]

Here is the link to the security bulletin which tells you about it.

The workaround is to disable JavaScript within Adobe Acrobat, you can do this by unchecking "Enable Acrobat JavaScript"
under menu Edit => Preferences => JavaScript.

 

[nordloewelabs]

i have 2 possible patches for it: Foxit or Sumatra.

 

[Chiefcrowe]

me too, but just posting this for those who are using adobe.

 

[mechBgon]

On Windows systems, Symantec reports that enabling Data Execution Prevention will also help mitigate the threat.

 

[Red Squirrel]

Why would a pdf file have javascript, or capabilities for javascript anyway?

 

[FLegman]

Alternatively one can download a "home made patch" before adobe releases the official one.

 

[n0cmonkey]

Originally posted by: RedSquirrel
Why would a pdf file have javascript, or capabilities for javascript anyway?

Because js is the new hotness. Everything needs to be js enabled!

 

[Red Squirrel]

Originally posted by: n0cmonkey

Originally posted by: RedSquirrel
Why would a pdf file have javascript, or capabilities for javascript anyway?

Because js is the new hotness. Everything needs to be js enabled!

Lol it's true, and it's really sad tbh. I have noscript, and like 90% of websites don't work until I enable js. What's up with that? Can't people code normal html/css anymore? It's not the cool thing to do now or what? lol

 

[nordloewelabs]

and Foxit 2.3 and 3.0 are also affected by this vulnerability!
updates available for both versions:
http://www.foxitsoftware.com/pdf/reader/security.htm

 

[MrChad]

Originally posted by: RedSquirrel
Lol it's true, and it's really sad tbh. I have noscript, and like 90% of websites don't work until I enable js. What's up with that? Can't people code normal html/css anymore? It's not the cool thing to do now or what? lol

When used properly, JavaScript can increase a site's usability substantially over static HTML and CSS.

That said, many sites use JavaScript for the sake of JavaScript (see: Web 2.0).

 

[MrChad]

Originally posted by: RedSquirrel
Why would a pdf file have javascript, or capabilities for javascript anyway?

Adobe has a number of enterprise server-side products that use the PDF format and Adobe Reader for workflow and forms automation. These are the typical applications for scripting a PDF file.

 

[Chiefcrowe]

Here are a couple of articles about how you don't have to do anything to become vulnerable to this exploit! pretty scary!!!

http://blog.didierstevens.com/...ig2decode-trigger-trio

http://blog.didierstevens.com/...de-look-mommy-no-hands

 

[Raincity]

Somehow I got rooted two weeks ago by this exploit through Foxit reader. I am not sure if I was browsing while logged in as admin but this was first me for. I don?t stray off the beaten path as far as internet sites go so this exploit must have come from a legitimate site.

 

[Chiefcrowe]

that is scary! do you normally use your machine under an admin account?

Originally posted by: Raincity
Somehow I got rooted two weeks ago by this exploit through Foxit reader. I am not sure if I was browsing while logged in as admin but this was first me for. I don?t stray off the beaten path as far as internet sites go so this exploit must have come from a legitimate site.

 

[Raincity]

Originally posted by: Chiefcrowe
that is scary! do you normally use your machine under an admin account?

Originally posted by: Raincity
Somehow I got rooted two weeks ago by this exploit through Foxit reader. I am not sure if I was browsing while logged in as admin but this was first me for. I don?t stray off the beaten path as far as internet sites go so this exploit must have come from a legitimate site.

No I run a SU account for matainance and LUA for everthing else. Running XP PRO SP-3 fully patched. All apps patched accorrding to Secunia advisor. DEP is enabled also. digeste.dll was the payload, a UPX packed trojan that got by Kaspersky 8.
The tip off was my machine was just crawling. Found Foxit sucking up lots of memory and there was no pdf files open at the time. Rebooted the machine and checked processes again to see a strange dll attached to each process. I shut down and then booted up the Kaspersky rescue cd and ran a scan and found the root kit. Luckliy I did a backup two day before it happend. Nuked both drives in my system. At that point I did not even trust my Acronis images to reinstall.

 

[Chiefcrowe]

thanks for the reply.. these viruses are getting sneakier and sneakier these days!