CONTACT US | SITEMAP
 
 
Search:
 
Home > Services > Advisories > MyCERT Advisories > 2009

MA-160.042009: MyCERT Alert - Vulnerabilities in Adobe Acrobat Reader

Initial Release: 30 April 2009

1.0 Introduction

Two critical vulnerabilities have been identified in Adobe Acrobat Reader 9.1 and earlier caused by the following javascript function:

  • getAnnots()
  • spell.customDictionaryOpen()

These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. MyCERT received reports from various organizations and security researcher groups mentioned that the exploits are have been used in the wild.

For this time of writing, Adobe has not yet released any patch for the vulnerabilities and from MyCERT observation, the proof of concepts (PoC) for exploiting the vulnerabilities are now publicly available.

Adobe rates the vulnerability as 'critical'. MyCERT urged public not to open any unknown source of PDF files since the update for this vulnerability is not yet available.

2.0 Impact

By exploiting these vulnerabilities, an attacker could execute arbitrary commands on the user's computer. The attacker will have the same privilege as the user.

MyCERT has done some analysis based on exploits available on the limited samples distribution and can confirm this observation. The exploitation is relying on javascript engine in Adobe Reader to get executed.

3.0 Affected Products

Majority of Adobe Acrobat Reader software are vulnerable by this bug. Below is the details list of vulnerable version:

  • Adobe Acrobat Reader 9.1
  • Adobe Acrobat Reader 9
  • Adobe Acrobat Reader 8.1.4
  • Adobe Acrobat Reader 8.1.3
  • Adobe Acrobat Reader 8.1.2 Security Update
  • Adobe Acrobat Reader 8.1.2
  • Adobe Acrobat Reader 8.1.1
  • Adobe Acrobat Reader 8.1
  • Adobe Acrobat Reader 8.0
  • Adobe Acrobat Reader 7.1.1
  • Adobe Acrobat Reader 7.1
  • Adobe Acrobat Reader 7.0.9
  • Adobe Acrobat Reader 7.0.9
  • Adobe Acrobat Reader 7.0.8
  • Adobe Acrobat Reader 7.0.8
  • Adobe Acrobat Reader 7.0.7
  • Adobe Acrobat Reader 7.0.6
  • Adobe Acrobat Reader 7.0.5
  • Adobe Acrobat Reader 7.0.4
  • Adobe Acrobat Reader 7.0.3
  • Adobe Acrobat Reader 7.0.2
  • Adobe Acrobat Reader 7.0.1
  • Adobe Acrobat Reader 7.0

4.0 Recommendation

Since the patch is not yet available for public, MyCERT would recommend public to turn off (disable) javascript function inside Adobe Acrobat Reader. Please follow steps below to disable javascript:

1. Open Your Adobe Acrobat Reader software
2. Navigate to Edit -> Preferences -> JavaScript

3. Select 'uncheck' the Enable Acrobat JavaScript.

4. Close the Adobe Reader Software for change to take affect.

In case of public received any suspicious pdf and required our further analysis, please reach us at information below:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my

5.0 References

1) http://www.securityfocus.com/bid/34736/
2) http://www.securityfocus.com/bid/34740/
3) http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html
4) http://www.mycert.org.my/en/services/advisories/mycert/2009/main/detail/644/index.html
   

Disclaimer | Copyright © 2009 - CyberSecurity Malaysia