Adobe investigating Reader, Acrobat exploit reports

Discussion in 'other security issues & news' started by ronjor, Dec 14, 2009.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Article
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Yet another problem with Adobe. They should have monthly updates like Microsoft... oops, they do! :eek:

    TH
  3. Dogbiscuit

    Dogbiscuit Guest

    From Symantec:
    From the Shadowserver Foundation which says it has examined the exploit:
    EDIT: From PC Magazine:
    Last edited by a moderator: Dec 15, 2009
  4. Rmus

    Rmus Exploit Analyst

    Thanks for posting this, Dogbiscuit!

    Even if DEP doesn't mitigate this exploit, and although AV detection is not reliable yet, any security solution that alerts to unauthorized executables will block the attempt to drop \AdobeUpdate.exe.

    The Trojan.Pidief family of malware goes back to earlier this year. All of the trojans have the same payload: a command to call out to a server to download the malware.

    I've written about this before, so if you aren't familiar with how these PDF exploits work, and how easy it is to prevent them, here it is again. While it uses a web-embedded remote code execution exploit as an example, an email attack is similarly prevented beginning with the "third requirement:"

    http://www.urs2.net/rsj/computing/tests/pdf/

    It's been noted before that not everyone has a Firewall with outbound monitoring, nor anti-execution prevention. Fair enough, but that doesn't mean that these solutions aren't available for those who care to investigate how these exploits work and thus, take appropriate preventative measures.

    All you have to do is read, as Dogbiscuit has done, and retrieve the pertinent information: a malware executable attempts to download in the background.

    What can you do to prevent that? Then, you go from there!

    So, you have to get beyond the initial advisory, which usually doesn't give you much to go on.

    ----
    rich
  5. Thankful

    Thankful Savings Monitor

  6. JRViejo

    JRViejo Global Moderator

    Adobe explains PDF patch delay, by Gregg Keizer.