Chuck52
Veteran Member
I just got this from our IT people. I wouldn't normally pass this on to this group, but I'm pretty sure I posted a link in the recent past to a site which was a PDF. It was almost certainly a secure site, but one never knows. The Powers That Be should feel free to delete this message if they deem it unworthy.
Chuck
National Cyber Alert System Technical Cyber Security Alert TA09-051A
Adobe Acrobat and Reader Vulnerability
Original release date: February 20, 2009
Source: US-CERT
Systems Affected
* Adobe Reader version 9 and earlier
* Adobe Acrobat (Professional, 3D, and Standard) version 9 and earlier
Overview
Adobe has released Security Bulletin APSB09-01, which describes a vulnerability that affects Adobe Reader and Acrobat. This vulnerability could allow a remote attacker to execute arbitrary code.
I. Description
Adobe Security Bulletin APSB09-01 describes a memory-corruption vulnerability that affects Adobe Reader and Acrobat. Further details are available in Vulnerability Note VU#905281. An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) file. Acrobat integrates with popular web browsers, and visiting a website is usually sufficient to cause Acrobat to load PDF content.
II. Impact
By convincing a user to open a malicious PDF file, an attacker may be able to execute arbitrary code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.
III. Solution
a. Disable JavaScript in Adobe Reader and Acrobat
Disabling Javascript may prevent this vulnerability from being exploited. Acrobat JavaScript can be disabled in the General preferences dialog (Edit -> Preferences -> JavaScript and un-check Enable Acrobat JavaScript). Note that this will not block the vulnerability. Adobe products still may crash when parsing specially crafted PDF documents. Disabling JavaScript will mitigate a common method used to achieve code execution with this vulnerability. Also note that when JavaScript is disabled in Adobe Reader, the software will prompt the user to enable JavaScript when it opens a document that uses the feature. So although JavaScript is a single click away, setting this preference can help mitigate exploits that use JavaScript.
b. Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
c. Disable the display of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied it may also mitigate future vulnerabilities. To prevent PDF documents from automatically being opened in a web browser, do the following:
1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.
d. Do not access PDF documents from untrusted sources
e. Do not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments.
IV. References
* Adobe Security Bulletin apsa09-01 -
APSA09-01 - Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat
* Securing Your Web Browser -
Securing Your Web Browser
* Vulnerability Note VU#905281 -
US-CERT Vulnerability Note VU#905281
The most recent version of this document can be found at: US-CERT Technical Cyber Security Alert TA09-051A -- Adobe Acrobat and Reader Vulnerability
Chuck
National Cyber Alert System Technical Cyber Security Alert TA09-051A
Adobe Acrobat and Reader Vulnerability
Original release date: February 20, 2009
Source: US-CERT
Systems Affected
* Adobe Reader version 9 and earlier
* Adobe Acrobat (Professional, 3D, and Standard) version 9 and earlier
Overview
Adobe has released Security Bulletin APSB09-01, which describes a vulnerability that affects Adobe Reader and Acrobat. This vulnerability could allow a remote attacker to execute arbitrary code.
I. Description
Adobe Security Bulletin APSB09-01 describes a memory-corruption vulnerability that affects Adobe Reader and Acrobat. Further details are available in Vulnerability Note VU#905281. An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) file. Acrobat integrates with popular web browsers, and visiting a website is usually sufficient to cause Acrobat to load PDF content.
II. Impact
By convincing a user to open a malicious PDF file, an attacker may be able to execute arbitrary code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.
III. Solution
a. Disable JavaScript in Adobe Reader and Acrobat
Disabling Javascript may prevent this vulnerability from being exploited. Acrobat JavaScript can be disabled in the General preferences dialog (Edit -> Preferences -> JavaScript and un-check Enable Acrobat JavaScript). Note that this will not block the vulnerability. Adobe products still may crash when parsing specially crafted PDF documents. Disabling JavaScript will mitigate a common method used to achieve code execution with this vulnerability. Also note that when JavaScript is disabled in Adobe Reader, the software will prompt the user to enable JavaScript when it opens a document that uses the feature. So although JavaScript is a single click away, setting this preference can help mitigate exploits that use JavaScript.
b. Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
c. Disable the display of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied it may also mitigate future vulnerabilities. To prevent PDF documents from automatically being opened in a web browser, do the following:
1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.
d. Do not access PDF documents from untrusted sources
e. Do not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments.
IV. References
* Adobe Security Bulletin apsa09-01 -
APSA09-01 - Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat
* Securing Your Web Browser -
Securing Your Web Browser
* Vulnerability Note VU#905281 -
US-CERT Vulnerability Note VU#905281
The most recent version of this document can be found at: US-CERT Technical Cyber Security Alert TA09-051A -- Adobe Acrobat and Reader Vulnerability
