
Bardissi Enterprises Blog


WatchGuard Live Security: Malicious PDFs Exploit Adobe Reader and Acrobat Holes

Severity: Medium

4 November, 2008

Summary:

§ This vulnerability affects: Adobe Reader and Acrobat 8.1.2 and earlier, on Windows, Mac, *nix computers

§ How an attacker exploits it: Multiple vectors of attack, including enticing your users into viewing a maliciously crafted PDF document

§ Impact: Various results; in the worst case, an attacker can execute code on your computer, potentially gaining control of it

§ What to do: Upgrade to Acrobat Reader 9 (or 8.1.3) or Acrobat 8.1.3


Exposure:

In a security bulletin released today, Adobe warns of “critical vulnerabilities” in Reader and Acrobat 8.1.2 (and all earlier versions) on all platforms that can run them. Adobe does not describe these vulnerabilities in much detail. They only describe the flaws as multiple input validation vulnerabilities, a privilege escalation flaw, and a Denial of Service (DoS) vulnerability. They warn that attackers could exploit many of the input validation flaws to remotely execute code on your computer. However, they do not detail how an attacker might exploit these flaws.

Security research company Secunia discovered at least one of these critical vulnerabilities, which they describe in much more detail. According to Secunia’s alert, Reader and Acrobat suffer from a boundary error when parsing certain types of content found within a PDF document. By tricking one of your users into downloading and viewing a PDF document, an attacker could exploit this vulnerability to execute code on that user’s computer, with that user’s privileges. If you give your users local administrative privileges, an attacker could exploit this flaw to gain complete control of your user’s computer.

We assume that an attacker would trigger many of the input validation flaws in the same way as the Secunia flaw described above: by enticing your users into downloading and viewing a malicious PDF document. However, some of the vulnerabilities also involve Adobe Reader’s Download Manager. It remains unclear how an attacker might trigger these Download Manager flaws.

Solution Path

Adobe Reader 9 and Acrobat 8.1.3 fix these vulnerabilities. Administrators should download, test, and deploy these updates as soon as possible.

§ Adobe Reader 9 (if you can’t upgrade to 9, Reader 8.1.3 also fixes these issues)

§ Adobe Acrobat 8.1.3

§ For Windows

§ For Mac

§ Adobe Acrobat 3D 8.1.3 for Windows
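
To find the machines that still need these updates, the affected range stated above (8.1.2 and earlier) can be checked against a software inventory. The script below is an added example, not part of the WatchGuard or Adobe advisories; the CSV layout, host names and function names are assumptions, and the sample inventory is constructed.

```python
import csv
import io
import re

# Affected range as stated in the advisory: 8.1.2 and all earlier versions.
LAST_AFFECTED = (8, 1, 2)
PRODUCTS = ("adobe reader", "adobe acrobat")  # also matches "Adobe Acrobat 3D"

# Constructed sample inventory (host, product, version); not real data.
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Reader,8.1.2
ws-002,Adobe Reader,9.0
ws-003,Adobe Acrobat,8.1.3
ws-004,Adobe Reader,7.0.9
mac-01,Adobe Acrobat,8.1
lnx-01,Adobe Reader,unknown
ws-005,Other PDF Viewer,1.0
"""

def parse_version(text):
    """Return a 3-part integer tuple, or None if text is not a dotted version."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))      # treat "8.1" as 8.1.0
    return tuple(parts[:3])              # ignore a fourth (build) component

def classify(product, version):
    """Return 'affected', 'not-affected', 'unknown' or 'not-applicable'."""
    if not product.strip().lower().startswith(PRODUCTS):
        return "not-applicable"
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"                 # needs manual review; do not assume safe
    return "affected" if parsed <= LAST_AFFECTED else "not-affected"

def audit(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have a version string the script could not parse and should be checked by hand rather than treated as updated.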

For All WatchGuard Users:

Although many of WatchGuard’s Firebox models can block incoming PDF files, most administrators prefer to allow these file types for business purposes. You should update to Adobe Reader 9 or Acrobat 8.1.3 instead.

If you want to block PDF documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .pdf files by file extension:

§ Firebox X Edge running 10.x

§ How do I block files with the FTP proxy? (Video, 2:30)
Windows Media, 17.4MB / QuickTime, 11.8MB

§ How do I block files with the HTTP proxy? (Video, 2:52)
Windows Media, 32MB / QuickTime, 28.6MB

§ How do I block files with the POP3 proxy? (Video, 2:35)
Windows Media, 17.6MB / QuickTime, 16.5MB

§ How do I block files with the SMTP proxy? (Video, 2:18)
Windows Media, 12.2MB / QuickTime, 9.1MB

§ Firebox X Core and X Peak running Fireware 10.x

§ How do I block files with the FTP proxy? (Video, 2:30)
Windows Media, 25.2MB / QuickTime, 9.1MB

§ How do I block files with the HTTP proxy? (Video, 2:52)
Windows Media, 38.2MB / QuickTime, 10.7MB

§ How do I block files with the POP3 proxy? (Video, 2:35)
Windows Media, 23.2MB / QuickTime, 10.1MB

§ How do I block files with the SMTP proxy? (Video, 2:18)
Windows Media, 25.6MB / QuickTime, 9.0MB

Status:

Adobe released Reader 9 (and 8.1.3) and Acrobat 8.1.3 to correct these issues.

References:

§ Adobe Security Bulletin

§ Secunia Adobe Reader/Acrobat advisory

 
