SANS ISC: Adobe January 2012 Black Tuesday overview SANS ISC InfoSec Forums

Adobe January 2012 Black Tuesday overview

Adobe has released 1 bulletin today.

This updates Adobe products to the following versions:

  • Adobe Reader and Acrobat
    • 10.1.1 and previous
| # | Affected | Known Exploits | Adobe rating |
|---|---|---|---|
| APSB12-01: Multiple vulnerabilities in the Adobe Reader and Adobe Acrobat software allow privilege escalation (Windows only) or random code execution. | Reader & Acrobat: CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373 | Could allow for remote code execution. Update to 10.1.2 or 9.5. | Critical |

APSB11-30 and APSA11-04 were also updated.

Next scheduled Adobe security update is 10 April 2012.

Cheers,
Adrien de Beaupré
intru-shun.ca

Adrien de Beaupre

353 Posts
ISC Handler
Hi,

On reading the release docs, it appears version 8.3 isn't affected. Anyone else come to that conclusion? Are we finally doing better running an ancient version than the latest?
Anonymous
Looking at the revised bulletin, APSB 11-30, it appears that Linux users need an update also. Under "Affected Software":
Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and Linux

Under "Solutions":
Adobe Reader 9.x users on Linux can find the appropriate update here:
ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/.

Cheers,
Rich
RichG74

5 Posts
Repete - Adobe end of life'd Acrobat 8.x, so there are no patches at all and there wasn't any mention of 8.x in the last security bulletin. Scary times.
Anonymous
After upgrading to 10.1.2 our machines (XP SP3) started duplex printing pdfs by default. After some digging, creating/changing this key fixes the problem:

[HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral]
"iprintBookletDuplexMode"=dword:00000001

Maybe this will help someone else.
-Joel
Joel B

8 Posts
Perhaps I've missed something, but it appears to me that it has now been 34 days since the 0-day was announced in Adobe Flash 11.1.102.55 (see http://isc.sans.edu/diary.html?storyid=12166) and there has yet to be even an acknowledgment from Adobe that they are working on the issue.
Anonymous
Correction,
"iDuplexMode"=dword:00000001

NOT iprintBookletDuplexMode
Sorry for the confusion.
-Joel
Joel B

8 Posts
@Anonymous.
It's scheduled to be released two and three quarters days after you've finished patching all your Acrobat Reader installations.
Joel B
57 Posts