Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: PDF vulnerabilities SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
PDF vulnerabilities
Several new Adobe pdf vulnerabilities were recently announced.
The author claims these are basic vulnerabilities in the pdf api or architecture. The author tested his poc's against Acrobat reader and Adobe professional.
The details are available here.,1895,2016606,00.asp

Here is a quick risk assessment.

How widely deployed is the application?
Adobe reader is widely used and deployed. (9)

Are vendor patches available?
No patches currently available (10)

Is mitigation available and if so how complete is the mitigation?
No mitigation is currently available. (10)

Is user participation required?

Yes. The user first has to download or click the link to a pdf. (5)
So some user interaction takes place.
I have not tested the POCs but several people have and their results do not match. Depending on who tested it you may have to click allow.
See this discussion on who tested the pocs and their results.

Is the vulnerability cross platform?

Yes. Any exploits will still have to run system dependant malware on the end host but there are plenty of malware binaries that could be used. (8)

Is proof of concepts or exploit code available?
The poc for two of the vulnerabilities are publicly available (10)

Overall risk score 8.7 on a scale of 0 ? 10 with 10 being the highests.
This is based on the numbers I assigned.
Your risk might be slightly higher or lower depending on the numbers you would assign and any mitigation factors. In most risk assesments I do I include the value of the system that is vulnerable. In this case that is difficult to do so I have left that out.



206 Posts
Sep 20th 2006

Sign Up for Free or Log In to start participating in the conversation!