
Adobe PDF Reader "Launch" vulnerability still exploitable - SANS Internet Storm Center



Earlier this week, Adobe released a patch for PDF Reader and Acrobat, resolving, among many vulnerabilities, the "Launch" vulnerability, which allowed an attacker to execute arbitrary code [1]. One of the problems was that this vulnerability existed due to a feature in the PDF specification, and Adobe was not willing to alter the specs in order to fix this problem.

As pointed out in a blog post by Le Manh Tung, the vulnerability is still exploitable if the command is included in quotes. However, unlike in earlier versions of the PDF reader, it is no longer possible to modify the warning dialog, giving users a fighting chance to not execute the code.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1240

------

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Johannes

3575 Posts
ISC Handler
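
For triage on the defender's side, one way to flag documents that carry a Launch action is to scan for the /Launch name, which PDF syntax also allows to be written with #xx hex escapes. This is an added example, not code from the diary or from Adobe; the function names and the sample objects are assumptions constructed for illustration.

```python
import re

# A PDF name is "/" plus regular characters; any byte may be written as #xx,
# so /Launch can also be spelled /L#61unch. Match the raw token, then decode.
NAME = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\s\x00()<>\[\]{}/%#])+)")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Literal string: handles backslash escapes, not nested parentheses.
STRING = re.compile(rb"\((?:\\.|[^\\()])*\)", re.S)
FILE_SPEC = re.compile(rb"/F\s*\(((?:\\.|[^\\()])*)\)", re.S)

def decode_name(raw):
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def find_launch_actions(data):
    """Return one dict per /Launch name in uncompressed PDF bytes.

    Objects inside compressed object streams are not visible here and must
    be inflated before scanning.
    """
    # Blank out string contents (same length, so offsets stay valid) so that
    # text such as (http://host/Launch) is not mistaken for a name.
    masked = STRING.sub(lambda m: b" " * len(m.group(0)), data)
    findings = []
    for m in NAME.finditer(masked):
        raw = m.group(1)
        if decode_name(raw) != b"Launch":
            continue
        end = data.find(b"endobj", m.end())
        spec = FILE_SPEC.search(data, m.end(), end if end != -1 else len(data))
        findings.append({
            "offset": m.start(),
            "obfuscated": raw != b"Launch",
            "target": spec.group(1).decode("latin-1") if spec else None,
        })
    return findings

# Constructed sample objects, not taken from any real document.
SAMPLE = (
    b"1 0 obj\n<< /Type /Action /S /Launch /Win << /F (example.exe) >> >>\nendobj\n"
    b"2 0 obj\n<< /Type /Action /S /L#61unch /F (notes.txt) >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /URI /URI (http://example.com/Launch) >>\nendobj\n"
)

if __name__ == "__main__":
    for finding in find_launch_actions(SAMPLE):
        print(finding)
```

A /F entry written before the /Launch name in its dictionary is not picked up as the target, but the finding itself is still reported.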
Wow. Progress.
No Love.

37 Posts
Why has Adobe been so slow on the uptake?

It's frustrating to know that other groups have known about PDF flaws for over a year, and Adobe's not interested in fixing the problems until they reach critical mass.
No Love.
3 Posts
Steve Jobs says Adobe is a company that could do great things, but they are LAZY. When I see the way they have been slow on nearly every security update for a year... I give that analysis some credence. We've had PDF holes actively exploited (or attempted) quite a bit using the web ad attack vector (google: NY Times malware). To be told by the vendor that they will be patching in a few weeks, when you're currently being attacked makes you want to look for alternatives to the product.
No Love.
1 Posts
