Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Adobe Acrobat pdf 0-day exploit, No JavaScript needed!

Published: 2009-02-25
Last Updated: 2009-02-25 02:12:33 UTC
by Andre Ludwig (Version: 1)
5 comment(s)

So there is a brief blog post linked below that highlights the fact that the new adobe PDF vulnerability can be exploited without the use of JavaScript.  This is obviously really bad news for anyone who is responsible for protecting environments where PDF's are present.  I think what a lot of people will find is just how prevalent JBIG2 streams are in "run of the mill" PDF files that are floating around their systems.  This means that simply looking for JavaScript + JBig streams in PDF files is not going to do you much good moving forward. 

All of the current observed samples are still utilizing JavaScript; this will NOT be the case moving forward!

Let me repeat again. YOU DO NOT NEED JS TO MAKE THIS EXPLOIT WORK. The JavaScript method employed by these attacks is "tried and true" when it comes to creating the right conditions for a reliable exploit. 

***I have not been able to verify secunia's claim independently at this point in time. (I would love to be able to verify this)

Secunia article
http://secunia.com/blog/44/

Now on to the important part of this post.

14 Days left before the patch is out.

 

5 comment(s)
Diary Archives