Skip to content

0 day exploit pentru fisere pdf

Februarie 20, 2009

„javascript disabled” cel putin pana pe 11 martie, cand cei de la Adobe au anuntat ca vor face disponibil un patch pentru versiunile 8 si 9 ale Acrobat Reader datorita unei vulnerabilitati.

Aceasta vulnerabilitate daca este folosita poate duce la transformarea PC-ului in ceva strain voua*. Nu va mai fi asa cum il stiati.*=a se citii zombi.

The malicious PDF’s in the wild exploit a vulnerability in a non-JavaScript function call. However, they do use some JavaScript to implement a heap spray for successful code execution. The malicious PDF’s in the wild contain JavaScript that is used to fill the heap with shellcode. Since this exploit relies on both JavaScript and non-JavaScript components there are some potential reliability issues which has led to confusion over which platforms are affected.
Testing of the exploit with XP SP3 using Adobe Reader 8.1.1, 8.1.2, 8.1.3 and 9.0.0 shows that the vulnerability results in code execution on all of them. There may be cases where Adobe Reader crashes without code execution, especially on systems with more physical memory and faster processors. This is likely due to the race condition needed to populate the heap before certain data structures are parsed by Reader.
The exploit can be effectively mitigated by disabling JavaScript. In this scenario Adobe will still crash but the required heap spray will not occur and code execution is not possible. There may be a method for populating the heap with the necessary shellcode without JavaScript, however if such a technique exists I am not aware of it. As a general rule I like the idea of both disabling JavaScript in Adobe Reader and also flagging PDF documents containing JavaScript at perimeter devices.

Mai multe aici: Shadowserver Foundation , Adobe , eWeek

Pana pe 11 martie cand cei de la Adobe intentioneaza sa faca disponibil un patch, sfatul este : antivirus-ul up-to-date si ce e mai important javascript disabled in Adobe.

Cum? In Acrobat Reader: Edit -> Preferences -> JavaScript si debifati Enable Acrobat JavaScript si activati optiunea DPE(Data Prevetion Execution ). Clic dreapta pe My Computer -> Properties -> Advanced -> Settings -> Data Prevention Execution.

No comments yet

Lasă un răspuns

Completează mai jos detaliile tale sau dă clic pe un icon pentru a te autentifica:


Comentezi folosind contul tău Dezautentificare /  Schimbă )

Fotografie Google+

Comentezi folosind contul tău Google+. Dezautentificare /  Schimbă )

Poză Twitter

Comentezi folosind contul tău Twitter. Dezautentificare /  Schimbă )

Fotografie Facebook

Comentezi folosind contul tău Facebook. Dezautentificare /  Schimbă )


Conectare la %s

%d blogeri au apreciat asta: