+ Post New Thread
Results 1 to 3 of 3
IT News Thread, Zero-day vulnerability in Adobe Reader 9, 10 & 11 in Other News; No fix available yet, although if you have 'Protected View' enabled in Adobe Reader XI you should be safe . ...
  1. #1


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,746
    Thank Post
    221
    Thanked 2,626 Times in 1,936 Posts
    Rep Power
    778

    Zero-day vulnerability in Adobe Reader 9, 10 & 11

    No fix available yet, although if you have 'Protected View' enabled in Adobe Reader XI you should be safe.

    Source: Adobe (via FireEye)

    Quote Originally Posted by FireEye
    We have found IE, Java, and Flash zero-days in a row in the past several months, and now it's PDF’s turn. Today, we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1.

    Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.

    We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files. We will continue our research and continue to share more information.
    Quote Originally Posted by Adobe
    A Security Advisory (APSA13-02) has been posted in regards to critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

    Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.

    Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.
    For a technical overview of this vulnerability...

    The Number of the Beast « FireEye Blog

  2. #2


    Join Date
    Feb 2007
    Location
    51.405546, -0.510212
    Posts
    8,746
    Thank Post
    221
    Thanked 2,626 Times in 1,936 Posts
    Rep Power
    778
    Adobe have released Adobe Reader XI 11.0.02 which fixes the vulnerability described above.

    Download: AdbeRdr11002_en_US.exe

  3. #3

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,498
    Thank Post
    1,490
    Thanked 1,049 Times in 918 Posts
    Rep Power
    301
    -_- Why is it every time I just download and re-deploy the Adobe stuff do they within 72hrs of me doing it launch ANOTHER new version never mind once it hits the MSI release and customisation tool works I'll send that one out again and then do the same process 5 days later for the next version

SHARE:
+ Post New Thread

Similar Threads

  1. Adobe Reader X 10.1 out
    By DrCheese in forum Windows
    Replies: 25
    Last Post: 28th June 2011, 11:54 AM
  2. Launching Adobe Reader frin Internet Explorer in Kiosk Mode
    By brahma in forum Internet Related/Filtering/Firewall
    Replies: 0
    Last Post: 16th December 2009, 09:54 AM
  3. sticky notes in adobe reader ?
    By mac_shinobi in forum Windows
    Replies: 0
    Last Post: 17th January 2007, 12:44 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •