Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Adobe/Acrobat 0-day in the wild? - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe/Acrobat 0-day in the wild?

According to our friends over at Shadowserver, There is a new Acrobat 0-day in the wild.  They say you can avoid it by turning off Javascript inside of your Adobe Acrobat products. 

Please see Shadowserver's write up: here for more information

-- Joel Esler


454 Posts
Feb 20th 2009
Can hardly believe an Adobe patch will be out for this exploit March 11th, that's almost 3 weeks!

Excuse my french - wtf...!

3 Posts
Yeah, but then again it's a Java problem, and anything Java=related is notoriously slow ;-)

21 Posts
It's not really a JAVA problem.
In this specific case it is, but, as far as i understand, JAVA is not needed to exploit the mentioned issue.
So other working exploits will come up, not using JAVA, but getting a lot of users into trouble.

2 Posts
\"Friends\" at ShadowServer???

And you should really disclose relationships before you brag up VRT.

40 Posts
Relationships? Like, \"Hey, I work for Sourcefire\"?

454 Posts
java has nothing to do with this exploit or the mechanics of the exploits floating around. Attackers are using javaSCRIPT to massage the heap to allow for more reliable exploitation. Disabling that removes that capability from their tool chest, and that in turn makes the exploit much much harder to accomplish.

56 Posts
I found this nugget of joy on the VRT blog especially disturbing. "Oh, by the way, I forgot to mention. If you happen to open an explorer window, or a browser window, or anything at all that even has the ICON of the pdf file, you're owned." This may be a silly comment but is disabling JS really going to help that much. It will simply ask them if they want to re-enable. They will say yes and be owned anyway.

Sign Up for Free or Log In to start participating in the conversation!