Wed, Mar 11 2009 6:47
New Attack Vectors for Adobe JBIG2 Vulnerability
US-CERT is aware of public
reports of two new attack vectors for a vulnerability affecting Adobe
Reader and Acrobat. This vulnerability is due to a buffer overflow
condition that exists in the way Adobe Acrobat Reader handles JBIG2
Adobe Reader is installed on a system, it adds an IFilter that allows
applications such as the Windows Indexing Service to index PDF files.
If the Windows Indexing Service processes a malicious PDF file stored
on the system, the vulnerability can be exploited. Exploitation using
this technique can require little to no user interaction.
addition to adding an IFilter, the Adobe Acrobat and Reader
installation process adds a Windows Explorer Shell Extension. If
Windows Explorer displays a folder that contains a malicious PDF file,
the vulnerability can be exploited. Exploitation using this technique
also requires little to no user interaction.
US-CERT encourages users and administrators to incorporate the following workarounds to help mitigate the risks:
- Locate and unregister the Adobe Reader IFilter using: regsvr32 /u AcroRdIF.dll
- Locate and unregister the Adobe Acrobat IFilter using: regsvr32 /u AcroIF.dll
Adobe Acrobat Windows Shell integration to help mitigate the risk. This
can be disabled by executing the following command: regsvr32 /u
Additional information about the Adobe Reader and Acrobat JBIG2 vulnerability can be found in the Vulnerability Notes Database.
Filed under: Alerts
US-CERT will provide additional information as it becomes available.