No, at least according to the video. If you download a trojaned PDF, and run it in Reader, it will still run the shellcode.
Admittedly, that is a bit harder to get a victim to do, but still way too easy. Unless Adobe is already aware of this 0-day vulnerability and plans on incorporating a fix in their scheduled quarterly update next Tuesday, an out-of-band Adobe Reader update seems likely. Thanks for the heads up, Brian. I shall watch the progress of this exploit unfold with interest through this blog and the usual security news sites online. This Group-IB sounds very similar to the controversial French company Vupen, which last week announced a similar exploit for Windows 8.
We can only hope that this group does not attempt to sell the flaw to Adobe, since Adobe is unlikely to buy it; that would be extortion. I really wish that such companies would responsibly disclose such flaws to the companies concerned, in this case Adobe, but since they make their business selling exploits, this is extremely unlikely and will put many innocent people at risk of a malware infection.
Adobe will ignore you, but hackers will get the idea. I find it interesting that they chose Windows XP to show this exploit. They are also using IE 6, and while it may not have a bearing on the exploit, I would feel this exploit was more resilient if it worked on a fully patched Windows 8 64-bit system with IE. Use third party PDF readers instead of Adobe.
I agree, Richard, and that is why it is not only disabled on my rig, but uninstalled. It is also a resource hog as well. I look at it another way. They would probably have an equally easy time finding holes in whatever alternative you run to.
I like to say something practical when I post, so let me suggest that Adobe Reader users do this: In addition, I would also recommend going to the Security (Enhanced) section within Preferences of Adobe Reader XI (11) and earlier versions and un-ticking the following option:
I have read elsewhere that this particular exploit does not use JavaScript to exploit the computer. However, mechBgon's recommendation of disabling JavaScript should still be followed, since disabling it can mitigate other threats contained in PDFs. Simply disabling it works more effectively for home users. In my habit of contributing something useful: anyone with concerns about their PDF reader or any other app getting exploited and launching a payload could look into Software Restriction Policy, which I have a writeup on at mechbgon.
Also, note that in a recent list of the top ten most highly exploited software, Adobe accounted for almost all of it except for some Java.
And people were crowing that nothing made by Microsoft made it to the list, which only means Adobe is massively worse than Microsoft, not that Microsoft is any better. Old vulns in old but still widespread versions of the software. Not just Microsoft. Adobe is also married to Intuit, a financial software ISV providing both installed applications and web-based services. In this case Intuit users cannot simply uninstall Adobe Reader, as it is required for important business functions.
Looks like a good case for users to maintain two PDF readers.
UZ identifies a malicious PDF document that attempts to exploit a known vulnerability in order to drop and run a malicious executable file on the system.

The exploit-code will not drop the executable if any of the following folders exist on the system:

The dropped file will then be executed and will attempt to download additional files on to the system.

Classification
Category:
Type:
Aliases: Gen, Exploit

Summary: A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.
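As an added example (it is not code from the blog thread or from F-Secure's description), the following Python script does a first-pass static triage of a PDF for the kind of active content the description above refers to: it counts action and embedded-file names after undoing PDF `#xx` name escapes, so that a `/Launch` or `/EmbeddedFile` dropper that uses no JavaScript at all, like the exploit discussed in the thread, is still flagged. The sample PDF bytes are constructed for the example.

```python
import re
from collections import Counter

# Names whose presence in a PDF warrants a closer look. /Launch and
# /EmbeddedFile cover dropper-style documents; the thread above notes the
# exploit reportedly needs no JavaScript, so checking only /JS would miss it.
INDICATORS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
              b"/EmbeddedFile", b"/RichMedia", b"/ObjStm"]

def normalize_names(data: bytes) -> bytes:
    """Resolve PDF name escapes (/J#61vaScript -> /JavaScript), a legal
    syntax often used to hide keywords from naive string matching."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def triage_pdf(data: bytes) -> dict:
    """Count indicator names in raw PDF bytes and return a triage verdict."""
    if not data.startswith(b"%PDF"):
        raise ValueError("not a PDF header")
    text = normalize_names(data)
    counts = Counter()
    for kw in INDICATORS:
        # Require a name boundary so /AA does not match e.g. /AAPL:Keywords.
        pattern = re.escape(kw) + rb"(?![A-Za-z0-9])"
        counts[kw.decode()] = len(re.findall(pattern, text))
    active = any(counts[k] for k in ("/JavaScript", "/JS", "/Launch",
                                      "/EmbeddedFile", "/RichMedia"))
    return {"counts": dict(counts),
            "hex_escaped_names": text != data,
            "verdict": "review" if active else "no active content found"}

# Constructed sample, not a real malicious file: escaped JavaScript run from
# /OpenAction, plus an embedded file and a /Launch action hidden behind #xx.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
    b"4 0 obj << /Type /Filespec /F (sample.exe) /EF << /F 5 0 R >> >> endobj\n"
    b"5 0 obj << /Type /Embedded#46ile /Length 0 >> stream\nendstream endobj\n"
    b"6 0 obj << /S /L#61unch /F (sample.exe) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_PDF))
```

A hit only means the file deserves a look in a sandbox or a proper parser; a clean count proves nothing about a document that exploits a parser bug without any of these names.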