bit-tech.net

Adobe Reader attacked by JavaScript bug

Adobe Reader attacked by JavaScript bug

The flaw in Adobe Reader - which also affects some versions of Adobe Acrobat - allows an attacker to completely control a system.

Adobe's popular Reader PDF viewer has come under attack once again as ne'er-do-wells target an exploit in its JavaScript handling.

According to an article over on CNet, the exploit - which is being described as a 0-day attack targeting both the latest version of Adobe Reader as well as Adobe Acrobat 9.1.3 and earlier - is being actively used in the wild, and is capable of affecting systems based on any version of Windows from 98 up to Windows Server 2003 - with the exception of Windows Vista and the as-yet unreleased Windows 7.

The vulnerability, spotted by anti-virus firm Trend Micro, has been labeled Troj_Pidief.Uo, and uses the JavaScript-based malware package Js_Agent.Dt to drop a backdoor application dubbed Bkdr_Protux.bd" - giving the attacker full control over the system.

Although Adobe has written a patch which addresses the targeted issue, the company has stated it is holding back its release until tomorrow - to co-incide with Microsoft's traditional Patch Tuesday monthly release cycle and give system administrators an easier time of things. However, this does leave systems vulnerable for an extra day.

This isn't the first time that JavaScript flaws have proven problematic for Adobe's popular PDF programs: back in April the company admitted that its products were the victim of another 0-day vulnerability, which itself echoed an attack from February of the same year. Another JavaScript vulnerability was discovered in June of last year, just one month after Adobe updated its Flash player package to protect against another scripting vulnerability.

For now, the work-around for the issue remains the same as always - disable JavaScript processing via the Preferences menu.

Are you surprised to see Adobe fall victim to yet another JavaScript-based attack, or will this sort of thing keep happening until the company completely redesigns its JavaScript engine from the ground up? Share your thoughts over in the forums.

11 Comments

Discuss in the forums Reply
frojoe 12th October 2009, 14:27 Quote
Part of me wonders how angry one can be if this only effects windows versions two iterations old(XP). The other part thinks adobe needs to get it together with their security, and that anyone on windows might as well disable JavaScript permanently with adobe programs.
proxess 12th October 2009, 14:27 Quote
It's about time they revised their javascript code.
shanky887614 12th October 2009, 14:47 Quote
i dont think this will affect many people on xp becasue most will just disable java for adobe acrobat reader
quite easy if you ask me cause there are programs allready that will do it or just simply stop the program from conecting to the internet
riggs 12th October 2009, 15:49 Quote
Quote:
Originally Posted by frojoe
Part of me wonders how angry one can be if this only effects windows versions two iterations old(XP).

Well, Win7 isn't out yet so there's no point in wasting time making sure the exploit works with it. Plus, I'd guess that the user base for XP is still higher than Vista. I know plenty of people who still run XP whilst waiting for Win7. Hell, I know a few people that recently bought new machines with Vista pre-installed, only to wipe the HDD and install a pirate copy of XP!
B3CK 12th October 2009, 16:37 Quote
Quote:
Originally Posted by riggs
Well, Win7 isn't out yet so there's no point in wasting time making sure the exploit works with it. Plus, I'd guess that the user base for XP is still higher than Vista. I know plenty of people who still run XP whilst waiting for Win7. Hell, I know a few people that recently bought new machines with Vista pre-installed, only to wipe the HDD and install a pirate copy of XP!

I install legal versions of xp on a quite a few peoples laptops and desktops, from vista factory images. Alot of people seem to still think Vista is full of bugs, and the interface and settings have changed so much that they also feel lost and confused when trying to do anything in it.

As to the Adobe problem, maybe we'll get (un)-lucky(?) and M$ will use this as launchpad to replace Java with a platform of their own?
Greenie 12th October 2009, 17:52 Quote
B3ck: Java and Javascript are very different beasts.

It amazes me how often there are 0-day exploits for acrobat - usually concerning some extra stuff they bundle with the reader like javascript or something. They should at least warn users that the PDF is attempting to execute code, rather than blindly trusting that the PDF is non-malicious.
B3CK 12th October 2009, 23:04 Quote
Quote:
Originally Posted by Greenie
B3ck: Java and Javascript are very different beasts.

It amazes me how often there are 0-day exploits for acrobat - usually concerning some extra stuff they bundle with the reader like javascript or something. They should at least warn users that the PDF is attempting to execute code, rather than blindly trusting that the PDF is non-malicious.

Programing and development are not in skill set, yet. Thanks for clearing that up.
Anyone know if the same vulnerabilities exist in the foxit reader?
LordPyrinc 13th October 2009, 02:58 Quote
I've had acrobat reader pop up more than once during web surfing. The software definitely has some vulnerable holes in it. So far I've managed to prevent it from executing anything malicious, but I'm still a pissed off that it just pops up while surfing and wants to open a file.
airchie 13th October 2009, 10:41 Quote
I know Foxit has JS capability and its enabled by default.
I also know that in the past, some exploits affecting Adobe's PDF viewer have affected Foxit too.

Bottom line is, why are PDF viewers trying to run code at all?
They are meant to be simple viewers.
They used to be less than a meg to download and now they're huge.
I think Adobe's PDF viewer is the very epitome of bloatware and everyone's security is the resultant victim. :(
tad2008 13th October 2009, 13:37 Quote
Quote:
Originally Posted by airchie
I know Foxit has JS capability and its enabled by default.
I also know that in the past, some exploits affecting Adobe's PDF viewer have affected Foxit too.

Is Foxit PDF Reader also affected though or is this purely an Adobe issue?

I have steadily moved away from Commercial Software and now use mostly open source software with the exception of Windows (for Games) at least until one of the *nix distros and software developers better support games and apps. I also still use Photoshop for the time being, at least until I can get to grips with using Gimp.
airchie 14th October 2009, 11:51 Quote
Quote:
Originally Posted by tad2008
Is Foxit PDF Reader also affected though or is this purely an Adobe issue?
Not sure, but I'd disable the JS handling in Foxit too unless you need it. Just asking for trouble having it enabled IMO.
Quote:
Originally Posted by tad2008
I have steadily moved away from Commercial Software and now use mostly open source software with the exception of Windows (for Games)
Hehe, me too. Give me Steam for Linux and I'll be a very happy man... :D
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums