
SANS ISC: Yet another Adobe Flash/Reader/Acrobat 0 day - SANS Internet Storm Center SANS ISC InfoSec Forums


Yet another Adobe Flash/Reader/Acrobat 0 day

Adobe has announced that a so far unpatched vulnerability has been used in recent targeted attacks [1].

Flash Player 10.2.153.1 is vulnerable, as is the Flash Player component used to execute Flash content in Adobe Reader / Acrobat. Adobe Reader X is vulnerable but not exploitable.

At this time, according to Adobe, the attack is performed using Flash files embedded in Word documents. 

Note that Flash may be embedded in other Office document formats like Excel. Adobe is not planning an out-of-band patch at this point, as Adobe Reader X is not exploitable.

[1] http://www.adobe.com/support/security/advisories/apsa11-02.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Johannes

3605 Posts
ISC Handler
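
Because the diary notes that the Flash content arrives embedded in Word documents and can also sit in other Office formats such as Excel, a defender may want to triage attachments for embedded Flash. The following is an added example, not part of the original diary or of Adobe's advisory. The function names, indicator labels and sample bytes are constructed for illustration, and it goes beyond the Word case by also walking OOXML (zip) containers.

```python
import io
import re
import struct
import uuid
import zipfile

# CLSID and ProgID of the Shockwave Flash ActiveX control that hosts SWF inside Office files.
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
FLASH_PROGID = "ShockwaveFlash.ShockwaveFlash"
MAX_PART = 64 * 1024 * 1024  # cap per-part reads so a zip bomb cannot exhaust memory
# SWF header: "FWS" (plain) or "CWS" (zlib), version byte 3-50, 32-bit little-endian length.
SWF_HEADER = re.compile(rb"([FC])WS[\x03-\x32](.{4})", re.DOTALL)

def text_forms(text):
    """ASCII and UTF-16LE encodings of text, lower-cased for case-insensitive search."""
    return [text.lower().encode("ascii"), text.lower().encode("utf-16-le")]

def scan_bytes(data):
    """Return the sorted Flash indicators present in one byte buffer."""
    hits, low = set(), data.lower()
    if any(form in low for form in text_forms(str(FLASH_CLSID))):
        hits.add("flash-clsid-text")
    if FLASH_CLSID.bytes_le in data:  # GUID byte layout used inside OLE structures
        hits.add("flash-clsid-binary")
    if any(form in low for form in text_forms(FLASH_PROGID)):
        hits.add("flash-progid")
    for m in SWF_HEADER.finditer(data):
        (length,) = struct.unpack("<I", m.group(2))
        # A plain SWF declares its own total size, so it must fit in the bytes that follow.
        fits = m.group(1) == b"C" or length <= len(data) - m.start()
        if 8 < length < MAX_PART and fits:
            hits.add("swf-header")
    return sorted(hits)

def scan_document(data):
    """Map each part of an Office file to the Flash indicators found in it."""
    report = {}
    if data[:4] == b"PK\x03\x04" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:  # OOXML: .docx / .xlsx / .pptx
            for info in zf.infolist():
                with zf.open(info) as part:
                    report[info.filename] = scan_bytes(part.read(MAX_PART))
    else:  # legacy OLE2 .doc / .xls: raw byte scan, streams are not reassembled
        report["<raw>"] = scan_bytes(data)
    return {name: hits for name, hits in report.items() if hits}

# Constructed sample: bytes shaped like a legacy .doc carrying the control and a SWF header.
SAMPLE_DOC = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504 + FLASH_CLSID.bytes_le
              + b"FWS\x0a" + struct.pack("<I", 32) + b"\x00" * 24)
```

Calling `scan_document(SAMPLE_DOC)` reports the binary CLSID and the SWF header under `<raw>`. Because legacy OLE2 streams are scanned as raw bytes rather than reassembled, treat a hit as a reason for closer review and an empty result as inconclusive.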
I believe Acrobat Reader X is only not vulnerable if sandbox is enabled. I don't find anything that Reader X is not vulnerable if sandbox mode is not enabled. Do you have a link somewhere that describes this?
Anonymous
A little clarification: According to the advisory, it's only Adobe Reader X for Windows that is not exploitable. Adobe Reader X for Mac is.
Anonymous
Based on APSA11-02 it can be confusing. From what I read I agree Adobe X for Mac OSX is. They state
"We are in the process of finalizing a schedule for delivering updates for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh. Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011."

If I remember correctly protected mode in MAC OSX is not fully implemented. May be useful but cannot remember off hand. -->
http://learn.adobe.com/wiki/display/security/Protected+Mode+FAQ
drStrangeP0rk

11 Posts
Hm, kind of deja-vu (Flash embedded into a DOC) looking at the RSA issue which has been claimed to be fixed: http://blogs.rsa.com/rivner/anatomy-of-an-attack/
Anonymous
The problem with Adobe's approach of using the sandbox as a crutch is that not everyone can use Protected Mode since it is still buggy. For example, try embedding a PDF into a Word document while having Reader X installed and Protected Mode enabled.
Anonymous
Is it just me or is their 'about' page no longer working?

http://www.adobe.com/products/flash/about/
K-Dee

63 Posts
http://www.adobe.com/products/flash.html seems to be the new page which I was redirected to. It might be your browser is not taking the redirect due to a plugin (if it is Firefox). If not, no clue. Better check for the Adobe root kit LOL.
Al of Your Data Center

80 Posts
Yeah I am redirected there as well..... but that page doesn't tell me anything about the version of Flash that I am running....
K-Dee

63 Posts
K-Dee, the 'about' page for Flash Player is now:

http://www.adobe.com/software/flash/about/
AE1

1 Posts
Thanks AE1!
K-Dee

63 Posts
