Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Two Adobe 0-day vulnerabilities SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Two Adobe 0-day vulnerabilities

There are two 0-day vulnerabilities on Adobe Acrobat announced today, all current versions are vulnerable. One exploits the annotation function and the other exploits the custom Dictionary function. Both of these buffer overflow vulnerabilities exist in the Javascript system of the Adobe Acrobat and can be mitigated by disabling Javascript on Adobe Acrobat.

Since the exploits for these vulnerabilities on Linux platform are posted to the Internet, we can just guess that someone will somehow make it work on Windows and use it to spread botnet agents shortly.

http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html

I will be teaching next: Leading Cloud Security Design and Implementation - SANS Security Leadership: June 2021

Jason

93 Posts
ISC Handler
Apr 29th 2009

Sign Up for Free or Log In to start participating in the conversation!