Adobe 8 PDF Vulnerability exploited in-the-wild

myITforum.com Community Forum

Home Forums Blogs Live Support chat Search Articles Wiki FAQ Email Lists Register Login My Profile Inbox Address Book My Subscription My Forums

Photo Gallery Member List Search Calendars FAQ Ticket List Log Out

All Forums RSS Feed Subscription:

Adobe 8 PDF Vulnerability exploited in-the-wild

View related threads: (in this forum | in all forums)

Logged in as: Guest

Printable Version

All Forums >> [Security, AntiVirus, and Patching] >> Breaking Virus & Security News >> Adobe 8 PDF Vulnerability exploited in-the-wild

Page: [1]

Message

<< Older Topic Newer Topic >>

Adobe 8 PDF Vulnerability exploited in-the-wild - 11/6/2008 5:30:19 PM 1 votes

awenlock

Posts: 357
Score: 188
Joined: 3/8/2005
Status: offline

A total of 9 vulnerabilities have been announced that affect Adobe Reader and Adobe Writer. These vulnerabilities affect the 8.x versions of Adobe Reader/Writer.

Adobe has advised users to either upgrade to version 9, which is unaffected by the vulnerabilities or to apply the 8.1.3 patch which they have released.
Version 9 includes some new features so make sure you test it against your enviroment before you roll it out to everyone if you decided to upgrade to version 9

Affected Versions:

Adobe Reader 8.1.2 and earlier versions
Adobe Acrobat Professional, 3D and Standard 8.1.2 and earlier versions

Download:

Version 9: http://www.adobe.com/products/acrobat/readstep2.html
Version: 8.1.3: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4087

Links:

Adobe: http://www.adobe.com/support/security/bulletins/apsb08-19.html
Secunia: http://secunia.com/advisories/29773/

Regards
Alan

< Message edited by hwaldron -- 11/7/2008 3:25:21 PM >

Post #: 1

Adobe 8 PDF Vulnerability exploited in-the-wild8.x - 11/7/2008 3:24:54 PM

hwaldron

Posts: 3597
Score: 264
Joined: 9/12/2002
From: Roanoke VA, USA
Status: offline

The recent Adobe 8 PDF vulnerability is being exploited in-the-wild

Please PATCH NOW, as early AV detection is non-existent -- although it's being added now based on these new attacks. The patch required a 46MB download and after installation a reboot is required.

Adobe 8 PDF Vulnerability exploited in-the-wild
http://isc.sans.org/diary.html?storyid=5312

QUOTE: One of our readers, Wayne Dilly, sent couple of malicious PDF documents to us. Wayne noticed that some machines got infected and wondered if the PDF documents exploited the vulnerability patched by Adobe couple of days ago (CVE-2008-2992).

Unfortunately, Wayne was right – these PDF documents exploit the JavaScript buffer overflow vulnerability. This is not surprising, though, as a fully working PoC has been recently published as well, but it's interesting to see that the attackers modified the PoC a little bit, probably in order to evade anti-virus detection.

And indeed – at the time of writing this article, according to VirusTotal 0 (yes – ZERO) AV products detected this malicious PDF. Very, very bad.

Adobe Security Bulletin directory
http://www.adobe.com/support/security/

Adobe 8 - Updates now available
http://isc.sans.org/diary.html?storyid=5282
http://www.adobe.com/support/security/bulletins/apsb08-19.html

_____________________________

Harry Waldron - Security News & Best Practices Blog

(in reply to awenlock)

Post #: 2

RE: Adobe 8 PDF Vulnerability exploited in-the-wild8.x - 11/7/2008 3:26:41 PM

hwaldron

Posts: 3597
Score: 264
Joined: 9/12/2002
From: Roanoke VA, USA
Status: offline

Thanks Alan - I changed the title to alert folks to patch promptly as PDFs are usually exchanged quite often in the business environment, rather than being blocked attachments.

_____________________________

Harry Waldron - Security News & Best Practices Blog

(in reply to hwaldron)

Post #: 3