Adobe Patches and Reports New Vulnerabilities

It’s strange that Adobe went for years without many major security problems, but then all of a sudden, it seems like there’s a new Adobe security problem every week …

Adobe’s Flash Player was updated yesterday fixing several security vulnerabilities in the process. The patch was initially slated for a November 9 release but released in advance yesterday. But Adobe Flash was not the only vulnerable Adobe product. Adobe has scheduled an update for their popular pdf readers Adobe Reader and Adobe Acrobat on November 15 to fix an actively exploited vulnerability.

To make matters worse, a new vulnerability has been confirmed by Adobe affecting Adobe Reader 9.2 or later and Adobe Reader 8.1.7 or later. A “proof-of-concept file demonstrating a Denial of Service was published” already that crashes the pdf reader. The exploit does not demonstrate arbitrary code execution, but Adobe is not eliminating the possibility at this point in time. It has to be noted that Adobe Acrobat is not affected by the security vulnerability.

The blog post of the Security and Response team offers instructions on how to protect the computer system from this vulnerability.

Adobe Reader 9.2 and later and Adobe Reader 8.1.7 and later – Windows

On Windows, the JavaScript Blacklist can be in two locations. Please review the following options and then create the registry key of your choice:

Enterprise list: This blacklist helps enterprises roll out policies that block exploitable API(s) from executing in their environment. Populating the blacklist in this location is the responsibility of the enterprise. Adobe patches never modify this registry location.
To create the registry key:
HKLM\SOFTWARE\Policies\Adobe\<product>\<version>\FeatureLockDown\cJavaScriptPerms\tBlackList

Adobe’s update/patch list: The Adobe blacklist is modified by Adobe Reader patches whenever an API is deemed vulnerable. APIs are also removed from the blacklist whenever a fix for a vulnerability is provided by the current patch.
To create the registry key:
HKLM\SOFTWARE\Adobe\<product>\<version>\JavaScriptPerms\tBlackList

On a 64 bit Windows system, the path is:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe

->To prevent this particular issue, add the following value to the registry key created in the previous step (case sensitive):
Doc.printSeps

->Exit and restart the application

Adobe Reader 9.2 and later and Adobe Reader 8.1.7 and later – Macintosh

On your Macintosh computer, go to the Applications folder or to the location where you have Adobe Reader installed.
Right-click on Adobe Reader
Click on Show Package Contents
Expand Contents
Expand MacOS
Expand Preferences
Create a backup of the FeatureLockDown file.
Right-click on FeatureLockDown.
Open With TextEdit.
Just before the last >> add the following line to the FeatureLockDown file (case sensitive):
/JavaScriptPerms [ /c << /BlackList [ /t (Doc.printSeps) ] >> ]
Save the file
Restart Adobe Reader

Adobe Reader 9.2 and later – UNIX

Go to the Global Prefs file at:
/Reader/GlobalPrefs/reader_prefs
Add the following line to the file:
/JavaScriptPerms [/c << /BlackList [/t (Doc.printSeps) ] >> ]

There you have it. Make sure you protect your version of Adobe Reader from the vulnerability by following the instructions posted above. The posting does not offer any information on the consequences of protecting the pdf reader from the vulnerability. It is also not clear if Adobe will be able to include the patch for this vulnerability in the upcoming update.

As if that was not enough, there is also a new vulnerability in Adobe Shockwave Player.

Krystian Kloskowski has discovered a vulnerability in Shockwave Player, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a use-after-free error in an automatically installed compatibility component as a function in an unloaded library may be called.

Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into opening the “Shockwave Settings” window when viewing a web page.

The vulnerability is confirmed in version 11.5.9.615. Other versions may also be affected.

The description makes it clear that systems are only vulnerable to this attack if the user opens the Shockwave Settings window on a specially prepared website.


© Martin for gHacks Technology News, 2010. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: , , , ,

Link to Original Content

Western Telematic, Inc. (WTI) designs and manufactures Remote Console Server products, Switched PDU products and A/B Fallback Units. WTI products are designed to solve common network problems and manufactured to endure.

Tags: , , , ,

Comments are closed.