Adobe fix still allows Escape from PDF

by Carol~ Moderator - 6/30/10 2:46 PM

In Reply to: NEWS - June 30, 2010 by Carol~ Moderator

From the Bkis Global Task Force Blog:

On June 29, 2010, Adobe has published its security updates for Adobe Reader and Adobe Acrobat (APSB10-15). Among many vulnerabilities fixed this time, the noticeable one is /Launch vulnerability (CVE-2010-1240), which is said to be found by Didier Stevens. However, it is pity that the patch is not working properly.

/Launch vulnerability was released by Didier on March 29, 2010. Since then, many viruses in the wild have taken advantage of the flaw:

Virus using /Launch exploit code in MSF
Virus exploiting the true nature of PDF /Launch vulnerability

It takes Adobe three months to release the patch. I think it is delayed for too long. On the blog entry, Didier confirms that Adobe has completely fixed the flaw. Thus, I decide to check the patch carefully, and the patch turns out to be incomplete.

Firstly, I check the exploited PDF file with the latest version of Adobe Reader.

Before version 9.3.3 [...]

Continued here: http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/