Avast WEBforum
Other => General Topics => Topic started by: nmb on July 23, 2009, 08:42:10 AM
-
Hello everyone,
just found this new 0-day article in ISC,
http://isc.sans.org/diary.html?storyid=6847
avast doesn't detect it.(link in the article to virus total tells this)
-
Very interesting article, and especially the "Regarding Flash, NoScript is your best help here, of course."
Presumable this is also sidestepped if you don't use Adobe's PDF reader, but something like FoxitPDF reader, etc.
It appears that even when JavaScript support is disabled in Adobe Reader that the exploit still works, so at the moment there are no reliable protection mechanisms (except not using Adobe Reader?).
So yet more advice to use firefox with NoScript and don't use Adobe Acrobat PDF reader ;D
-
list of other pdf readers (sometimes these are advised to use, previously when there were adobe exploits):
http://www.pdfreaders.org/
-
Oh God!
Does Disabling the Adobe Acrobat Plug-in for FF works?
I have NoScript as well..
-AnimeLover^^
-
@addict
yes that should work for a pdf file. if you use noscript then you are safe as mentioned in the article..
-
Does Disabling the Adobe Acrobat Plug-in for FF works?
I have NoScript as well..
Not if the PDF file which would normally be viewed on-line (using the FF plug-in) is downloaded and opened with Adobe PDF reader, as the vulnerability is also in the reader as well as adobe flash.
NoScript will only protect against the vulnerability in the flash player and then only if you haven't allowed the site to run scripts and also allow flash (NoScript, Options, Plugins tab, Forbid Adobe Flash).
-
accept with david r
-
geez it's the second time in a very short time there's a bad vulnerability in adobe products...
edit: last time that concerned "reader" only and they advised to disable JavaScript (until the fix would be available): in the reader settings itself.
-
Thanks nmb and DavidR^^
-AnimeLover^^
-
always welcome
-
Thanks nmb and DavidR^^
-AnimeLover^^
You're welcome.
-
Why turning off Javascript won't help this time
check this blog:
http://blog.fireeye.com/research/2009/07/actionscript_heap_spray.html
-
Why turning off Javascript won't help this time
check this blog:
http://blog.fireeye.com/research/2009/07/actionscript_heap_spray.html
oh, thanks for that link ;)
-
hello everyone,
update :
Adobe 'zero-day' flaw is eight months old : http://blogs.zdnet.com/security/?p=3792
-
WTF!?
Cant believe Adobe hasnt updated their products yet! >:(
What a fatal flaw!
-AnimeLover^^
-
@addict
according to this :http://www.adobe.com/support/security/advisories/apsa09-03.html the patch will be released on july 30.
-
update :
Adobe 'zero-day' flaw is eight months old : http://blogs.zdnet.com/security/?p=3792
Nothing new there, same happens in other companies, one notable one ;D
So in this case, day 0 must mean they haven't even started.
-
So in this case, day 0 must mean they haven't even started.
well said.
-
Don't know of this mitigating of the PDF document attack vector has been posted, if not it is by now: :)
http://www.kb.cert.org/vuls/id/259425
I have renamed the 2 files mentioned in the article because I have to use Adobe Reader.
It doesn't mitigate the direct Flash vuln, so that's another story.
HL
-
Adobe promises fix for critical Flash hole next week:
http://www.theregister.co.uk/2009/07/24/adobe_flash_patch_pre_alert/
Security advisory for Adobe Reader, Acrobat and Flash Player:
http://www.adobe.com/support/security/advisories/apsa09-03.html
Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.