Saturday, September 11, 2010

New Adobe Reader 0-day

This week Adobe published an advisory for Reader. From the advisory:


"This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild."


What is interesting about this vulnerability is that the exploit is sophisticated enough to affect all versions of Windows and to bypass all Windows controls, including DEP and ASLR. I wrote the following while explaining DEP and its security benefits:


"Last month's Adobe Acrobat critical vulnerability that existed in a function called util.printd leads to a memory corruption causing code injection also could have been prevented if organizations had the DEP enabled on their machines."


The Metasploit blog analyzed this exploit and identified the following:

* Vulnerability Type: Stack Buffer Overflow
* Bypasses DEP: Yes
* Bypasses ASLR: Yes
* Exploit Requires JS: Yes
* Vulnerability Requires JS: No

