topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 2:58 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Adobe Acrobat Reader Security Vulnerability  (Read 18146 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Adobe Acrobat Reader Security Vulnerability
« on: October 09, 2007, 11:24 AM »
Adobe has fessed up to a dangerous code execution vulnerability affecting software programs installed on millions of Windows machines.

The flaw, publicly disclosed more than three weeks ago, could allow hackers to use rigged PDF files to take control of Window XP computers with Internet Explorer 7 installed.

The bug affects Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions, and Adobe Acrobat 3D.


Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #1 on: October 09, 2007, 11:31 AM »
Thanks for alerting us to this one, Jesse. I'm off to read up on it and hopefully secure my computer!

Ralf Maximus

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 927
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #2 on: October 09, 2007, 11:34 AM »
Is this a flaw in the Adobe rendering engine or the PDF file format itself?

If I use (say) FoxIt to view PDFs am I vulnerable?

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #3 on: October 09, 2007, 11:41 AM »
Interesting - this is described as a "complicated workaround" but it's a simple matter of changing a "2" to a "3"... Hardly seems like rocket science.

Note that:

Adobe categorizes this as a critical issue and recommends that users apply the workaround described above for their product installations.

Ralf, this is a problem with the Acrobat rendering engine and not the file format itself, so if you are using Foxit and do not have Acrobat Reader installed, you should be fine.

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #4 on: October 09, 2007, 05:01 PM »
No, but be careful (search for "Foxit")

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #5 on: October 09, 2007, 06:56 PM »
Interesting, thanks for correcting me on that Lashiec.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #6 on: October 09, 2007, 07:09 PM »
Is this a flaw in the Adobe rendering engine or the PDF file format itself?

If I use (say) FoxIt to view PDFs am I vulnerable?

It's kind of not possible for a file format to have a vulnerability. If you're working from a spec., then whatever language you implement it in will have different ways to handle things.

If you're using an unmanaged language like C and implementing something like a "title" field in a file header that in the spec. may only be up to 255 characters (or whatever), then it's up to you to make sure that you check the size, etc., and ensure that you don't allow a buffer overflow, etc. Perhaps you need to null terminate it. Perhaps there's another mechanism for that like delimiters. Those considerations mostly apply to reading as if you're writing a file nothing really matters, and if you're a virus writer, it's the reader application that you want to exploit by injecting code (or whatever).

So if you are reading a file and encounter a title field in a file header that is 4,582 bytes long before you encounter a null termination, then you've got to discard everything after the 255th byte, or you need to do some kind of error checking. etc. etc. etc.

It is possible for there to be a flaw in the spec., but that's a different question entirely. Most exploits are for implementations.

The obvious example of a 'flawed spec.' is Windows 9x. It was designed as a stand-alone personal computer, and not a network computer. Once it became connected to untrusted networks, the problems became painfully apparent. That of course is all debatable, but should kind of point out the difference somewhat.


Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Ralf Maximus

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 927
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #7 on: October 09, 2007, 09:16 PM »
Renegade: I take your point, and mostly agree.  However if a specification allows for (say) an executable to be launched with elevated security rights, is that a flaw in the specification?  Or just a poor decision by the designer?

My question was more along these lines -- is there something in the spec itself that warrants concern? 

I could probably figure it out myself by reading about the PDF internal layout, comparing Adobe & FoxIt implementations, and googling for security news... but it seemed more expedient to simply ask here.  Plus reading all that crap about PDF seems about as exciting as waiting for my solar flashlight to charge at night.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #8 on: October 10, 2007, 12:16 AM »
I don't believe that there is anything in the PDF spec. that warrants a concern, but I could be wrong. It would be unusual for there to be a problem there.

Another example of a security "hole" is the ZIP 2.0 encryption standard. It's considered "weak" because if you have one of the files from a ZIP archive in unencrypted form, you can decrypt the entire archive. Well... It is a problem, but it's not really all that serious if you're just using it for casual security. If you know that you have the only copy of all of the files, then the entire archive is secure. So while there is a kind of exploit for it, it really isn't a huge worry as the exploit is very very specific. It's not like a buffer overflow that can be exploited at will. 

As for watching your solar flashlight recharge at night... Please don't. :) (I got a kick out of that one! Thanks for the laugh.) But if you did find a real PDF exploit... Those things are worth money! ;) Well... to the bad guys anyways...
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

SKA

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 229
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #9 on: October 10, 2007, 01:52 AM »
Javacool (of SpywareBlaster fame) has a free tool to fix this:

http://www.javacools...ware.com/pdffix.html

Rgds
SKA

Grorgy

  • Supporting Member
  • Joined in 2007
  • **
  • default avatar
  • Posts: 821
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #10 on: October 10, 2007, 03:25 AM »
ahhh thanks for that SKA, thats a whole lot easier  :Thmbsup:

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #11 on: October 10, 2007, 04:09 AM »
Anyone know if Acrobat 7 Professional is vulnerable?

I can't afford (and don't need) to upgrade but Adobe says it applies to version 8.1 and earlier versions. However, the workaround registry fix can't be applied to Acrobat 7 as the registry entry does not exist at all. There is a registry entry which is similar (but store in the HKLM/Programs/Adobe ... branch) but it doesn't have the specific permissions key tSchemePerms it just has sSchemePerms which doesn't have a value including mail anyway ?

dimtiri

  • Participant
  • Joined in 2007
  • *
  • Posts: 1
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #12 on: October 11, 2007, 09:41 AM »
Anyone know if Acrobat 7 Professional is vulnerable?

I can't afford (and don't need) to upgrade but Adobe says it applies to version 8.1 and earlier versions. However, the workaround registry fix can't be applied to Acrobat 7 as the registry entry does not exist at all. There is a registry entry which is similar (but store in the HKLM/Programs/Adobe ... branch) but it doesn't have the specific permissions key tSchemePerms it just has sSchemePerms which doesn't have a value including mail anyway ?

Actually I went into the registry and followed their path and found sSchemePerms instead of tSchemePerms and it still had the mailto in it. But is this the same key?

SKA

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 229
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #13 on: October 11, 2007, 11:41 PM »
Seems Windows is the culprit , not Adobe - for this flaw

http://www.betanews...._PDF_Flaw/1192118748

SKA

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #14 on: October 12, 2007, 03:42 AM »
Seems Windows is the culprit , not Adobe - for this flaw
http://www.betanews...._PDF_Flaw/1192118748
SKA
If the exploit can happen just by opening a .pdf file, without clicking the link, the problem is with Adobe, not Microsoft.

Depending on ShellExecute to do URI filtering? That should be punishable by death. You just do not pass on unverified input, whether it's coming from the keyboard, a file, network, etc.
- carpe noctem

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #15 on: October 12, 2007, 10:32 AM »
While not the same thing the pointing fingers of blame onto ms reminds me of the IE-Firefox Exploit fiasco.
« Last Edit: October 12, 2007, 10:34 AM by Eóin »

SKA

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 229
    • View Profile
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #16 on: October 14, 2007, 12:40 AM »
<If the exploit can happen just by opening a .pdf file, without clicking the link, the problem is with Adobe, not Microsoft>

Well f0dder <grin> MS doesnt agree with you - they owned up to it being a Windows XP+IE7 bug per Betanews:

http://www.betanews....Microsoft/1192118748

SKA

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Adobe Acrobat Reader Security Vulnerability
« Reply #17 on: October 14, 2007, 04:19 AM »
Well f0dder <grin> MS doesnt agree with you - they owned up to it being a Windows XP+IE7 bug per Betanews:
http://www.betanews....Microsoft/1192118748
They actually don't disagree.

What Microsoft has patched is the ShellExecute function, which didn't do proper verification. But if something can get to ShellExecute without user intervention, you have a serious problem...
- carpe noctem