funsec mailing list archives
Re: Adobe 0-day in the wild
From: "John LaCour" <john () johnlacour com>
Date: Sat, 21 Feb 2009 12:06:09 -0500
And there's very little information about how to mitigate the attack without a patch. By disabling Javascript in the Reader, you can prevent the known attacks. The actual vuln isn't in Acrobat javascript - that's just leveraged for heap spraying. I've put together a simple batch file that disables javascript in Reader. See http://www.phishlabs.com/blog/archives/122 for details. -John -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Juha-Matti Laurio Sent: Friday, February 20, 2009 8:38 AM To: funsec () linuxbox org Subject: [funsec] Adobe 0-day in the wild In case you are not aware of the Acrobat/Adobe Reader 0-day there is more information at http://www.adobe.com/support/security/advisories/apsa09-01.html "Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009." But users of 8.x and older versions have to wait. There is a backdoot Trojan exploiting the issue in the wild. Note: All platforms are reportedly affected. Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Adobe 0-day in the wild Juha-Matti Laurio (Feb 20)
- Re: Adobe 0-day in the wild Paul Ferguson (Feb 20)
- Re: Adobe 0-day in the wild John LaCour (Feb 21)
- Re: Adobe 0-day in the wild nick hatch (Feb 21)
- Re: Adobe 0-day in the wild Rich Kulawiec (Feb 21)
- Re: Adobe 0-day in the wild Alex Eckelberry (Feb 21)
- Re: Adobe 0-day in the wild Axel Pettinger (Mar 04)
- Re: Adobe 0-day in the wild nick hatch (Feb 21)
- Re: Adobe 0-day in the wild Jon Kibler (Feb 22)
- Re: Adobe 0-day in the wild rackow (Feb 23)
- Re: Adobe 0-day in the wild nick hatch (Feb 23)
- Re: Adobe 0-day in the wild Dragos Ruiu (Feb 23)
- Re: Adobe 0-day in the wild Charles Miller (Feb 23)
- Re: Adobe 0-day in the wild nick hatch (Feb 23)
- Re: Adobe 0-day in the wild rackow (Feb 23)