New Adobe Vulnerability Exploited in Targeted Attacks
Adobe's PSIRT (Product Security Incident Response Team) published a new blog post today [1]. The post reveals that a critical vulnerability, CVE-2009-3459, is now being exploited in the wild in targeted attacks. The vulnerability affects Adobe 9.1.3 on Windows, Unix and OS X. However, the exploits have been limited to Windows so far.
An update scheduled to be released on Oct 13th should fix the problem. Until then, Windows users are advised to enable DEP. Anti malware vendors have been informed by Adobe.
This vulnerability does not require Javascript. If you disabled Javascript in the past, it will not protect you in this case. Another workaround I found helpful: You can "clean" PDF documents by first converting them into another format (like Postscript) and then back into PDF. However, this is not 100% certain to remove the exploit and you may infect the machine that does the conversion as it will likely still use the vulnerable libraries to convert the document. But the likelyhood of this happening is quite low.
[1] http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
https://www.securestate.com/Documents/Bypassing_Hardware_based_Data_Execution_Prevention.pdf
"We’ll only talk about Windows 2003 SP2 in this specific paper since each OS, while of course different, is relatively similar. It is significantly easier to bypass DEP in Windows XP SP2 and Windows 2003 SP1 than it is with Windows 2003 SP2..."
RJ
Oct 8th 2009
1 decade ago
Dr. J
Oct 8th 2009
1 decade ago
Dr. J
Oct 8th 2009
1 decade ago
RJ
Oct 9th 2009
1 decade ago
Sec_Jay
Oct 9th 2009
1 decade ago
n3kt0n
Oct 9th 2009
1 decade ago
I use many Adobe products but Reader and Acrobat are not among them..
Pedantic
Oct 9th 2009
1 decade ago
Sec_Jay
Oct 9th 2009
1 decade ago
Sec_Jay
Oct 9th 2009
1 decade ago
Sec_Jay
Oct 9th 2009
1 decade ago