[bioundgrd] PDF vulnerability using Adobe Reader or Acrobat

Nick Polizzi npolizzi at MIT.EDU
Thu Mar 5 12:13:20 EST 2009


Begin forwarded message:

> From: Monique Yeaton <myeaton at MIT.EDU>
> Date: March 5, 2009 11:19:17 AM EST
> To: itpartners at mit.edu
> Subject: PDF vulnerability using Adobe Reader or Acrobat
>
> Please pass along:
>
> Adobe security bulletin:
> http://www.adobe.com/support/security/advisories/apsa09-01.html
>
> An Adobe Reader and Acrobat vulnerability has been announced, which  
> affects the latest versions (7, 8 and 9), and is actively being  
> exploited. Malicious software is being spread by the seemingly  
> innocuous PDF.
>
> Adobe promises a patch to be made available March 11;  this means  
> there is quite a gap between now and then for exploit  
> opportunities. Adobe recommends taking the patch when it becomes  
> available.
>
> Who is vulnerable?
>
> Mac users may be less vulnerable than Windows users because they  
> can use Preview to read PDFs. However, any machine using Adobe  
> Reader or Acrobat to view PDFs is vulnerable to the exploit.
>
> What to do in the meantime?
>
> For now, exploits can be mitigated by disabling JavaScript in Adobe  
> Acrobat and Reader.  Disabling JavaScript is easy to do:  Edit (or  
> the Adobe menu, if using a Mac) -> Preferences -> JavaScript ->  
> Uncheck "Enable JavaScript".  Windows Administrators can also push  
> a registry key via GPO to disable.
>
> It is important to note that disabling JavaScript prevents the  
> currently seen exploits from successfully running; however, it does  
> not protect against the actual vulnerability.
>
> While we don't recommend or support any particular PDF reading  
> software aside from Adobe's, there is a list of alternative readers  
> listed here:
>
> http://en.wikipedia.org/wiki/List_of_PDF_software
>
> We do recommend warning users to not open or download PDF  
> attachments in emails from unknown sources.
>
> This blog with video shows how the vulnerability can be exploited  
> on a Windows machine without opening the PDF document:
> http://blog.didierstevens.com/2009/03/04/quickpost-jbig2decode-trigger-trio/
>
>
> Monique (on behalf of IT Security Support)
>
> =========================
> Monique Yeaton
> IT Security Awareness Consultant
> MIT Information Services & Technology (IS&T)
> (617) 253-2715
> http://web.mit.edu/ist/security
>
> ---------------------------------------
> Important: DO NOT GIVE OUT YOUR PASSWORDS!
> Ignore emails asking you to provide yours. IS&T will *NEVER* ask  
> you for your password.
>
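
An added example, not part of the forwarded message or of Adobe's advisory: a Python triage check that counts the PDF name objects relevant to this notice, the JavaScript actions (`/JS`, `/JavaScript`) that the interim mitigation disables and the `/JBIG2Decode` filter named in the linked post's URL. The function names are hypothetical and the two sample byte strings are constructed.

```python
import re
from collections import Counter

# Names tied to this notice: JavaScript actions and the JBIG2Decode filter.
WATCHED = {b"/JS", b"/JavaScript", b"/JBIG2Decode"}

# A PDF name is "/" followed by any bytes except whitespace and delimiters.
NAME_TOKEN = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
# Inside a name, "#xx" is a hex-escaped byte, so /JBIG2#44ecode == /JBIG2Decode.
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(token: bytes) -> bytes:
    """Resolve #xx escapes so obfuscated spellings compare equal."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)


def watched_names(data: bytes) -> Counter:
    """Count watched names in the raw bytes of a PDF file."""
    counts = Counter()
    for match in NAME_TOKEN.finditer(data):
        name = decode_name(match.group(0))
        if name in WATCHED:
            counts[name.decode("ascii")] += 1
    return counts


def needs_review(data: bytes) -> bool:
    """True when the file should be held for a closer look.

    A hit is a reason to review, not a verdict. No hit is not a clean bill:
    names inside compressed object streams are not visible to a raw scan.
    """
    return bool(watched_names(data))


# Constructed samples (not real documents).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_FLAGGED = (
    b"%PDF-1.4\n1 0 obj\n"
    b"<< /Type /Action /S /JavaScript /JS (var x = 1;) >>\nendobj\n"
    b"2 0 obj\n<< /Filter /JBIG2#44ecode /Length 0 >>\nstream\n\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for label, sample in (("plain", SAMPLE_PLAIN), ("flagged", SAMPLE_FLAGGED)):
        print(label, needs_review(sample), dict(watched_names(sample)))
```

Text inside PDF string literals is scanned too, so a document that merely quotes one of these names will also be flagged for review.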

