
    A new proof-of-concept exploit has been released with a full disclosure [http://security.fedora-hosting.com/0day/pdf/pdf_poc.pdf]. It takes advantage of a vulnerability in the way PDF files handle URIs (uniform resource identifiers), which are compact strings of characters that identify a resource.

    [Figure: PoC PDF file. Opening this PDF file also opens a New Message window]

    [Figure: PoC PDF file. URI of the PDF file shown above]

    The vulnerability arises when Adobe Acrobat passes the parameter received by the URI command to the ShellExecuteA API.

    It affects the following Adobe products:

    • Adobe Reader 8.1 and earlier versions
    • Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions
    • Adobe Acrobat 3D

    As of this writing, no patch is available for this vulnerability. However, exploits like this can be prevented from executing by modifying the following registry entries:

    For Acrobat:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms\tSchemePerms = version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:3|file:2

    For Reader:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms\tSchemePerms = version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:3|file:2
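
The check below is an added example, not code from the original post or from Adobe: it parses a tSchemePerms string and lists every scheme whose setting differs from the mitigation value given above. The function names and the sample value are constructed for illustration; the registry read is Windows-only and uses the key path shown above.

```python
# Added example: audit a tSchemePerms string against the mitigation value above.
RECOMMENDED = ("version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|"
               "mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|"
               "mailto:3|file:2")

def parse_scheme_perms(value):
    """Split 'scheme:perm|scheme:perm' into a dict; reject malformed entries."""
    perms = {}
    for entry in value.strip().split("|"):
        scheme, sep, perm = entry.partition(":")
        if not sep or not scheme.strip() or not perm.strip().isdigit():
            raise ValueError(f"malformed tSchemePerms entry: {entry!r}")
        perms[scheme.strip().lower()] = int(perm)
    return perms

def audit(current, recommended=RECOMMENDED):
    """Return (scheme, found, wanted) for each scheme that deviates from the
    mitigation value; found is None when the scheme is missing entirely."""
    have = parse_scheme_perms(current)
    findings = []
    for scheme, wanted in parse_scheme_perms(recommended).items():
        if scheme == "version":
            continue  # format marker, not a URI scheme
        found = have.get(scheme)
        if found != wanted:
            findings.append((scheme, found, wanted))
    return findings

def read_scheme_perms(product):
    """Windows only: read tSchemePerms for 'Adobe Acrobat' or 'Acrobat Reader'."""
    import winreg
    path = (rf"SOFTWARE\Policies\Adobe\{product}\8.0"
            r"\FeatureLockDown\cDefaultLaunchURLPerms")
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        return winreg.QueryValueEx(key, "tSchemePerms")[0]

# Constructed sample: mailto still set to 2 and the telnet entry missing.
SAMPLE = RECOMMENDED.replace("mailto:3", "mailto:2").replace("telnet:3|", "")

if __name__ == "__main__":
    for scheme, found, wanted in audit(SAMPLE):
        print(f"{scheme}: found {found}, mitigation value is {wanted}")
```

On a Windows host, pass the result of `read_scheme_perms("Acrobat Reader")` to `audit()` instead of the constructed sample.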

    Malicious programs can use this vulnerability to enter a target system by automatically opening URLs and/or downloading malicious files over the Internet.

    More information is posted on the Adobe security advisories Web site. [http://www.adobe.com/support/security/advisories/apsa07-04.html]

    Additional information taken from http://www.heise-security.co.uk/news/96982.




