Severity: Medium
4 November, 2008
Summary:
§ This vulnerability affects: Adobe Reader and Acrobat 8.1.2 and earlier, on Windows, Mac, and *nix computers
§ How an attacker exploits it: Multiple vectors of attack, including enticing your users into viewing a maliciously crafted PDF document
§ Impact: Various results; in the worst case, an attacker can execute code on your computer, potentially gaining control of it
§ What to do: Upgrade to Acrobat Reader 9 (or 8.1.3) or Acrobat 8.1.3
Exposure:
In a security bulletin released today, Adobe warns of “critical vulnerabilities” in Reader and Acrobat 8.1.2 (and all earlier versions) on all platforms that can run them. Adobe does not describe these vulnerabilities in much detail. They only describe the flaws as multiple input validation vulnerabilities, a privilege escalation flaw, and a Denial of Service (DoS) vulnerability. They warn that attackers could exploit many of the input validation flaws to remotely execute code on your computer. However, they do not detail how an attacker might exploit these flaws.
Security research company Secunia discovered at least one of these critical vulnerabilities, which they describe in much more detail. According to Secunia’s alert, Reader and Acrobat suffer from a boundary error when parsing certain types of content found within a PDF document. By tricking one of your users into downloading and viewing a PDF document, an attacker could exploit this vulnerability to execute code on that user’s computer, with that user’s privileges. If you give your users local administrative privileges, an attacker could exploit this flaw to gain complete control of your user’s computer.
We assume that an attacker would trigger many of the input validation flaws in the same way as the Secunia flaw described above: by enticing your users into downloading and viewing a malicious PDF document. However, some of the vulnerabilities also involve Adobe Reader’s Download Manager. It remains unclear how an attacker might trigger these Download Manager flaws.
Solution Path:
Adobe Reader 9 and Acrobat 8.1.3 fix these vulnerabilities. Administrators should download, test, and deploy these updates as soon as possible.
§ Adobe Reader 9 (if you can’t upgrade to 9, Reader 8.1.3 also fixes these issues)
§ Adobe Acrobat 8.1.3
§ For Mac
§ Adobe Acrobat 3D 8.1.3 for Windows
For All WatchGuard Users:
Although many of WatchGuard’s Firebox models can block incoming PDF files, most administrators prefer to allow these file types for business purposes. You should update to Adobe Reader 9 or Acrobat 8.1.3 instead.
If you want to block PDF documents, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block .pdf files by file extension:
§ Firebox X Edge running 10.x
  § How do I block files with the FTP proxy? (Video, 2:30)
    Windows Media, 17.4MB / QuickTime, 11.8MB
  § How do I block files with the HTTP proxy? (Video, 2:52)
    Windows Media, 32MB / QuickTime, 28.6MB
  § How do I block files with the POP3 proxy? (Video, 2:35)
    Windows Media, 17.6MB / QuickTime, 16.5MB
  § How do I block files with the SMTP proxy? (Video, 2:18)
    Windows Media, 12.2MB / QuickTime, 9.1MB
§ Firebox X Core and X Peak running Fireware 10.x
  § How do I block files with the FTP proxy? (Video, 2:30)
    Windows Media, 25.2MB / QuickTime, 9.1MB
  § How do I block files with the HTTP proxy? (Video, 2:52)
    Windows Media, 38.2MB / QuickTime, 10.7MB
  § How do I block files with the POP3 proxy? (Video, 2:35)
    Windows Media, 23.2MB / QuickTime, 10.1MB
  § How do I block files with the SMTP proxy? (Video, 2:18)
    Windows Media, 25.6MB / QuickTime, 9.0MB
Status:
Adobe released Reader 9 (and 8.1.3) and Acrobat 8.1.3 to correct these issues.