Thursday, July 23, 2009

Adobe Vulnerabilities Continue

A number of vulnerabilities ago, I replaced Adobe Reader with an open source reader from http://pdfreaders.org/. I continue to be pleased with the results of the open source reader, particularly considering that although Adobe Reader was recently updated to version 9.1.2 due to vulnerabilities in the previous version, problems continue. As described at ISC,
". . . when tested with Internet Explorer and the latest Flash player (version 10), the exploit silently drops a Trojan and works "as advertised". Another interesting thing I noticed is that the Trojan, which is downloaded in the second stage, is partially XOR-ed – the attackers probably did this to evade IDSes or AV programs scanning HTTP traffic. At the moment, the detection for both the exploit and the Trojan is pretty bad (only 7/41 for the Trojan, according to VirusTotal).

It appears that even when JavaScript support is disabled in Adobe Reader that the exploit still works, so at the moment there are no reliable protection mechanisms (except not using Adobe Reader?). Regarding Flash, NoScript is your best help here, of course."
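The ISC note quoted above says the second-stage Trojan is partially XOR-ed to get past IDS and AV scanning of HTTP traffic. The sketch below is an added example, not code from this post or from ISC, of how a defender can search a captured response for an executable hidden that way. It assumes a single-byte XOR key, which the quote does not state; the function names and the sample payload are constructed for illustration.

```python
# Added example: detect a PE file hidden with a single-byte XOR key (assumed scheme).
# The DOS stub string is present in almost every Windows executable, so it is a
# convenient known plaintext to search for under each of the 256 possible keys.
PE_MARKER = b"This program cannot be run in DOS mode"

# Constructed HTTP response header used only for the sample below.
HTTP_HEADER = b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a one-byte key."""
    return data.translate(bytes(b ^ key for b in range(256)))


def find_xored_pe(payload: bytes):
    """Return [(key, offset), ...] where the DOS stub string appears XOR-ed with key.

    key == 0 means the marker is present in the clear.
    """
    hits = []
    for key in range(256):
        needle = xor_bytes(PE_MARKER, key)
        start = 0
        while (pos := payload.find(needle, start)) != -1:
            hits.append((key, pos))
            start = pos + 1
    return hits


def build_sample(key: int = 0x5A) -> bytes:
    """Constructed stand-in for a captured response; contains no real malware."""
    fake_pe = b"MZ" + b"\x00" * 76 + PE_MARKER + b".\r\r\n$" + b"\x00" * 32
    # "Partially" XOR-ed: the two magic bytes stay clear, the rest is encoded.
    body = fake_pe[:2] + xor_bytes(fake_pe[2:], key)
    return HTTP_HEADER + body


if __name__ == "__main__":
    for key, offset in find_xored_pe(build_sample()):
        print(f"DOS stub found at offset {offset} with XOR key 0x{key:02x}")
```

A hit with a non-zero key in a response that claims to be an image or document is a strong signal that the body deserves a closer look, even when signature-based scanners report nothing.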


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
