Adobe PDF - Zero Day Exploit (how to turn off Javascript)

Posted Friday, February 20, 2009 4:19 PM by hwaldron

In further research, this new vulnerability can be mitigated by turning off JavaScript. AV protection is also available from most vendors at this point.  Always be careful handling any suspicious attachment or weblink found in email.

Adobe PDF - Zero Day Exploit (how to turn off Javascript)
http://isc.sans.org/diary.html?storyid=5902
http://www.adobe.com/support/security/advisories/apsa09-01.html
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219
http://blog.trendmicro.com/portable-document-format-or-portable-malware-format/
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PIDIEF.IN
http://www.avertlabs.com/research/blog/index.php/2009/02/19/new-backdoor-attacks-using-pdf-documents/
http://vil.nai.com/vil/content/v_153842.htm

QUOTE: The Shadowserver Foundation has recently become aware of a very severe vulnerability in Adobe Acrobat affecting versions 8.x and 9 that is currently on the loose in the wild and being actively exploited. We are aware of several different variations of this attack, however, we were provided with a sample last week in which we were permitted to analyze and detail in this post. We want to make it clear that we did not discover this vulnerability and are only posting this information to make sure others are aware and can adequately protect themselves. All of our testing was done on Adobe Acrobat Reader 8.1.0, 8.1.1, 8.1.2, 8.1.3 (latest release of 8), and 9.0.0 (latest release of 9). We have not confirmed via testing that the exploit actually works on Adobe Acrobat (non-Reader) but believe that it will also affect it as well.

HOW TO DISABLE JAVASCRIPT IN ADOBE READER (from menu bar)
Edit -> Preferences -> JavaScript -> uncheck Enable Acrobat JavaScript

Comments

No Comments