Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Adobe/Acrobat 0-day in the wild? SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe/Acrobat 0-day in the wild?

According to our friends over at Shadowserver, There is a new Acrobat 0-day in the wild.  They say you can avoid it by turning off Javascript inside of your Adobe Acrobat products. 

Please see Shadowserver's write up: here for more information

-- Joel Esler http://www.joelesler.net

 Joel

454 Posts
ISC Handler
Subscribe Feb 20th 2009
1 decade ago
Can hardly believe an Adobe patch will be out for this exploit March 11th, that's almost 3 weeks!

Excuse my french - wtf...!
 Brian

3 Posts
Quote Feb 20th 2009
1 decade ago
Yeah, but then again it's a Java problem, and anything Java=related is notoriously slow ;-)
 Lee

21 Posts
Quote Feb 20th 2009
1 decade ago
It's not really a JAVA problem.
In this specific case it is, but, as far as i understand, JAVA is not needed to exploit the mentioned issue.
So other working exploits will come up, not using JAVA, but getting a lot of users into trouble.
 Manuel

2 Posts
Quote Feb 21st 2009
1 decade ago
\"Friends\" at ShadowServer???

And you should really disclose relationships before you brag up VRT.
 Ken

40 Posts
Quote Feb 21st 2009
1 decade ago
Relationships? Like, \"Hey, I work for Sourcefire\"?
Joel

454 Posts
ISC Handler
Quote Feb 22nd 2009
1 decade ago
java has nothing to do with this exploit or the mechanics of the exploits floating around. Attackers are using javaSCRIPT to massage the heap to allow for more reliable exploitation. Disabling that removes that capability from their tool chest, and that in turn makes the exploit much much harder to accomplish.
AndreL

56 Posts
Quote Feb 23rd 2009
1 decade ago
I found this nugget of joy on the VRT blog especially disturbing. "Oh, by the way, I forgot to mention. If you happen to open an explorer window, or a browser window, or anything at all that even has the ICON of the pdf file, you're owned." This may be a silly comment but is disabling JS really going to help that much. It will simply ask them if they want to re-enable. They will say yes and be owned anyway.
 Anonymous
Quote Feb 23rd 2009
1 decade ago

Sign Up for Free or Log In to start participating in the conversation!