Acrobat Reader 0-Day exploit in the wild...
FYI...
- http://www.shadowserver.org/wiki/pmw...endar.20090221
21 February 2009 - "...Work Arounds & Windows Group Policy Object (GPO)
As we mentioned the main work around for this is to disable JavaScript. Acrobat will still crash but the exploit should fail. While all platforms are reportedly affected, we should note that we have only seen active exploits for Windows and not Linux or OS X platforms. Once again to disable JavaScript in Acrobat [Reader], take the following steps:
Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript
Elazar Broad also wrote into us the other day and provided a GPO that can be used to disable JavaScript for Adobe Acrobat [Reader]. We have not tested it but you can grab it by clicking here*. Basically these are the keys of interest (from HKEY_CURRENT_USER):
Adobe Acrobat Reader:
Software\Adobe\Acrobat Reader\x.0\JSPrefs
Adobe Acrobat:
Software\Adobe\Adobe Acrobat\x.0\JSPrefs
Setting the DWORD "bEnableJS" to 0 will disable JavaScript...
Details Released
We knew it would not take too long - the details of the vulnerable function and enough information to potentially recreate the exploit have now been published publicly... Expect that a wider set of attackers will now start using this exploit in the near future before the patch is released. In other words... DISABLE JAVASCRIPT and patch as soon as it becomes available!"
* http://www.shadowserver.org/wiki/upl...ndar/adobe.txt
- http://www.kb.cert.org/vuls/id/905281
Last Updated: 2009-02-23
