Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - PDF vulnerabilities InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

PDF vulnerabilities

Published: 2006-09-19
Last Updated: 2006-09-20 00:01:15 UTC
by donald smith (Version: 1)
0 comment(s)
Several new Adobe pdf vulnerabilities were recently announced.
The author claims these are basic vulnerabilities in the pdf api or architecture. The author tested his poc's against Acrobat reader and Adobe professional.
 
The details are available here.
http://michaeldaw.org/
http://www.eweek.com/article2/0,1895,2016606,00.asp

Here is a quick risk assessment.

How widely deployed is the application?
Adobe reader is widely used and deployed. (9)

Are vendor patches available?
No patches currently available (10)

Is mitigation available and if so how complete is the mitigation?
No mitigation is currently available. (10)

Is user participation required?

Yes. The user first has to download or click the link to a pdf. (5)
So some user interaction takes place.
I have not tested the POCs but several people have and their results do not match. Depending on who tested it you may have to click allow.
See this discussion on who tested the pocs and their results.
http://www.networksecurityarchive.org/html/FullDisclosure/2006-09/msg00252.html

Is the vulnerability cross platform?

Yes. Any exploits will still have to run system dependant malware on the end host but there are plenty of malware binaries that could be used. (8)

Is proof of concepts or exploit code available?
The poc for two of the vulnerabilities are publicly available (10)

Overall risk score 8.7 on a scale of 0 ? 10 with 10 being the highests.
This is based on the numbers I assigned.
Your risk might be slightly higher or lower depending on the numbers you would assign and any mitigation factors. In most risk assesments I do I include the value of the system that is vulnerable. In this case that is difficult to do so I have left that out.

 

Keywords:
0 comment(s)
Diary Archives