Source: USCERT

Public reports describe two new attack vectors for a vulnerability affecting Adobe Reader and Acrobat. The vulnerability is a buffer overflow in the way Adobe Acrobat and Reader handle JBIG2 streams.

When Adobe Reader is installed on a system, it adds an IFilter that
allows applications such as the Windows Indexing Service to index PDF
files. If the Windows Indexing Service processes a malicious PDF file
stored on the system, the vulnerability can be exploited. Exploitation
using this technique can require little to no user interaction.

In addition to adding an IFilter, the Adobe Acrobat and Reader
installation process adds a Windows Explorer Shell Extension. If
Windows Explorer displays a folder that contains a malicious PDF file,
the vulnerability can be exploited. Exploitation using this technique
also requires little to no user interaction.

Resolutions:

  1. Locate and unregister the Adobe Reader IFilter using:
    regsvr32 /u AcroRdIF.dll
  2. Locate and unregister the Adobe Acrobat IFilter using:
    regsvr32 /u AcroIF.dll
  3. Disable Adobe Acrobat Windows Shell integration to help mitigate
    the risk. This can be disabled by executing the following command:
    regsvr32 /u "%CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll"
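
The three steps above combined into one script, added here as an example and not part of the original advisory. It assumes an elevated PowerShell prompt and that the IFilter DLLs live under an `Adobe` folder in Program Files; the search roots and variable names are assumptions, while the DLL names and the `pdfshell.dll` path come from the list above.

```powershell
# Added example: locate and unregister the Adobe IFilter and shell-extension DLLs.
# Run from an elevated prompt. DLL names and the pdfshell.dll path are from the
# advisory; the search roots below are assumptions about a default install.

$ifilterNames = 'AcroRdIF.dll', 'AcroIF.dll'

# Assumed install roots: "Adobe" under each Program Files directory.
$searchRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Adobe' } |
    Where-Object { Test-Path $_ } |
    Select-Object -Unique

# Steps 1 and 2: locate every copy of the Reader and Acrobat IFilter DLLs.
$ifilters = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Recurse -File -Include $ifilterNames `
        -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName
}

# Step 3: the shell extension, at the path given in the advisory
# (also checked under the 32-bit Common Files directory, an assumption).
$shellExt = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Adobe\Acrobat\ActiveX\pdfshell.dll' } |
    Where-Object { Test-Path $_ } |
    Select-Object -Unique

$targets = @(@($ifilters) + @($shellExt) | Where-Object { $_ })

# Unregister each DLL silently and record regsvr32's exit code (0 = success).
$results = foreach ($dll in $targets) {
    $proc = Start-Process -FilePath 'regsvr32.exe' `
        -ArgumentList '/u', '/s', "`"$dll`"" -Wait -PassThru
    [pscustomobject]@{
        Dll          = $dll
        Unregistered = ($proc.ExitCode -eq 0)
        ExitCode     = $proc.ExitCode
    }
}

if ($results) {
    $results | Format-Table -AutoSize
} else {
    Write-Warning 'No Adobe IFilter or shell-extension DLLs found under the searched paths.'
}
```

A non-zero exit code for a DLL means it is still registered and the corresponding indexing or Explorer path remains exposed on that host.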