February 22, 2009

How to avoid Adobe Acrobat memory corruption exploit?

Adobe has released security bulletin which describes a memory-corruption vulnerability that affects Adobe Reader and Acrobat. Any attacker can exploit this vulnerability by fooling a user to load a specially crafted PDF file.
Whenever a browser visits a webpage with PDF content, Acrobat loads itself up to display the content without any prompt.

To prevent this, users must disable JavaScript in Adobe Reader and Acrobat. Doing this may prevent some exploits. Acrobat JavaScript can be disabled using the Preferences menu Edit -> Preferences -> JavaScript and un-check Enable Acrobat JavaScript option.

To prevent Internet Explorer from automatically opening PDF documents and instead show a prompt allowing the user to choose whether to open or not, import the following as a .REG file:

Windows Registry Editor Version 5.00


Also disable the display of PDF documents in the web browser. This can be done by doing the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the preferences option.
4. Choose the Internet section.
5. Un-check the "Display PDF in browser" check box.

Avoid acessing PDF documents from untrusted sources. Never open unfamiliar pdf documents, especially those that come through mail without your knowledge or that are hosted on a website.

No comments: