Malaysian Computer Emergency Response Team

Services

Advisories Cyber999 Help Centre Malware Research Centre Incident Statistics

MyCERT Statistic

Reported Incidents based on General Incident Classification Statistics 2013

Help Centre

Reporting Channels

Definitions of Incidents

Cyber999 - Service Level Agreement

MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2009

MA-195.102009: MyCERT Alert - Critical Vulnerability in Adobe Acrobat and Adobe Reader

1.0 Introduction

A critical vulnerability (CVE-2009-3459) has been identified in Adobe Acrobat and Adobe Reader 9.1.3 and earlier versions on Windows, Unix and OS X. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious PDF file.

2.0 Impact

By exploiting this vulnerability, an attacker could execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader and gain the same privilege as the user. The attack can be launched locally or remote by abusing Adobe Acrobat web browser plugin. Failed attempts will likely result in denial-of-service conditions.

3.0 Affected Products

Majority of Adobe Acrobat and Adobe Reader software are vulnerable by this bug. Below is the details list of vulnerable version:

Adobe Acrobat Standard 9.1.3
Adobe Acrobat Standard 9.1.2
Adobe Acrobat Standard 8.1.6
Adobe Acrobat Standard 8.1.4
Adobe Acrobat Standard 8.1.3
Adobe Acrobat Standard 8.1.2
Adobe Acrobat Standard 8.1.1
Adobe Acrobat Standard 7.1.3
Adobe Acrobat Standard 7.1.1
Adobe Acrobat Standard 7.0.8
Adobe Acrobat Standard 7.0.7
Adobe Acrobat Standard 7.0.6
Adobe Acrobat Standard 7.0.5
Adobe Acrobat Standard 7.0.4
Adobe Acrobat Standard 7.0.3
Adobe Acrobat Standard 7.0.2
Adobe Acrobat Standard 7.0.1
Adobe Acrobat Standard 7.0
Adobe Acrobat Standard 9.1
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1
Adobe Acrobat Standard 8.0
Adobe Acrobat Standard 7.1
Adobe Acrobat Reader 9.1.3
Adobe Acrobat Reader 9.1.2
Adobe Acrobat Reader 8.1.6
Adobe Acrobat Reader 8.1.5
Adobe Acrobat Reader 8.1.4
Adobe Acrobat Reader 8.1.3
Adobe Acrobat Reader 8.1.2
Adobe Acrobat Reader 8.1.1
Adobe Acrobat Reader 7.1.2
Adobe Acrobat Reader 7.1.1
Adobe Acrobat Reader 7.0.9
Adobe Acrobat Reader 7.0.8
Adobe Acrobat Reader 7.0.7
Adobe Acrobat Reader 7.0.6
Adobe Acrobat Reader 7.0.5
Adobe Acrobat Reader 7.0.4
Adobe Acrobat Reader 7.0.3
Adobe Acrobat Reader 7.0.2
Adobe Acrobat Reader 7.0.1
Adobe Acrobat Reader 7.0
Adobe Acrobat Reader 8.1.2 Security Update
Adobe Acrobat Reader 8.1
Adobe Acrobat Reader 8.0
Adobe Acrobat Reader 7.1
Adobe Acrobat Professional 9.1.3
Adobe Acrobat Professional 9.1.2
Adobe Acrobat Professional 8.1.6
Adobe Acrobat Professional 8.1.4
Adobe Acrobat Professional 8.1.3
Adobe Acrobat Professional 8.1.2
Adobe Acrobat Professional 8.1.1
Adobe Acrobat Professional 7.1.3
Adobe Acrobat Professional 7.1.1
Adobe Acrobat Professional 7.0.9
Adobe Acrobat Professional 7.0.8
Adobe Acrobat Professional 7.0.7
Adobe Acrobat Professional 7.0.6
Adobe Acrobat Professional 7.0.5
Adobe Acrobat Professional 7.0.4
Adobe Acrobat Professional 7.0.3
Adobe Acrobat Professional 7.0.2
Adobe Acrobat Professional 7.0.1
Adobe Acrobat Professional 7.0
Adobe Acrobat Professional 9.1
Adobe Acrobat Professional 9
Adobe Acrobat Professional 8.1.2 Security Update
Adobe Acrobat Professional 8.1
Adobe Acrobat Professional 8.0
Adobe Acrobat Professional 7.1
Adobe Acrobat 9.1.1
Adobe Acrobat 7.0.3
Adobe Acrobat 7.0.2
Adobe Acrobat 7.0.1
Adobe Acrobat 7.0

4.0 Recommendation

The official security patch for this vulnerability has not been released by the vendor as of the writing of this advisory. Adobe plans to releases updates for this issue on October 13, 2009. It will be available for download at this URL : http://get.adobe.com/reader/
As a workaround, it is advisable for users to disable the JavaScript feature in Adobe Acrobat and Adobe Reader. JavaScript can be disable by doing the followings:

a) Disable JavaScript in Adobe Acrobat and Adobe Reader
Open Your Adobe Acrobat or Adobe Reader software
Navigate to Edit -> Preferences -> JavaScript

Select 'uncheck' the Enable Acrobat JavaScript.

Close the Adobe Acrobat or Adobe Reader Software for change to take effect.

Windows users are also advised to enable Data Execution Prevention (DEP) on the Windows

a. For Windows XP
Log in as administrator
Open the Start menu, right-click on My Computer and Choose "Properties" from the context menu
On the "System Properties" window, click the "Advanced" tab

Click settings button under Performance
Click the "Data Execution Prevention" tab

Choose "Turn on DEP for all programs and services except those I select:"

Click OK twice
Restart the computer for the changes to take effect
b. Windows Vista
Log in as administrator
Open the Start menu and right-click "Computer"
Choose "Properties" from the context menu.
Choose "Advanced system settings" from under "Tasks" in the left pane.
Approve the User Account Control query (You will have to be an administrator to do it).
Click the button "Settings" in the Performance section.
Click the tab "Data Execution Prevention"
Choose "Turn on DEP for all programs and services except those I select:"

Click OK twice
Restart the computer for the changes to take effect

MyCERT advises users of this product to keep themselves updated with the latest security announcements from the vendor. In case of public received any suspicious PDF and require our assistance for analysis, please reach us at information below:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web : http://www.mycert.org.my

5.0 References