Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Security Advisory for Adobe Reader and Acrobat - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Security Advisory for Adobe Reader and Acrobat

Except from their website:

critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.

We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows on December 16, 2011. Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012. We are planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012. For further context on this schedule, please see the corresponding ASSET blog post.

Looks like we'll be patching Adobe Reader and Acrobat tomorrow against this newest threat that has been making the rounds over the past couple weeks.  

 

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Joel

454 Posts
ISC Handler
"Protected Mode" is a stupid joke imho, even in the latest reader 10.1.1 it causes ALL my prints to print out as if they were encrypted junk or written by aliens. I have to disable it in order to properly print pdf files so i usually keep it disabled all the time.
JustAMouse

11 Posts
Actually, if you go into the advanced button on the print screen when you send it to print, then check off "print as image" this fixes the issue. This was a problem in version 9 on some of our systems as well.
Val

10 Posts
sorry but printing as image on 90 cm-wide roll paper creates HUGE print files and the output is bad, i already tried that. Often the reader even crashes because it runs out or memory when rendering the page if it is too complex.
Some of my pdf files can easily cover 3 meters of paper in length. HP Designjet 42" user here.
JustAMouse

11 Posts

Sign Up for Free or Log In to start participating in the conversation!