Adobe fix still allows Escape from PDF
From the Bkis Global Task Force Blog:
On June 29, 2010, Adobe has published its security updates for Adobe Reader and Adobe Acrobat (APSB10-15). Among many vulnerabilities fixed this time, the noticeable one is /Launch vulnerability (CVE-2010-1240), which is said to be found by Didier Stevens. However, it is pity that the patch is not working properly.
/Launch vulnerability was released by Didier on March 29, 2010. Since then, many viruses in the wild have taken advantage of the flaw:
Virus using /Launch exploit code in MSF
Virus exploiting the true nature of PDF /Launch vulnerability
It takes Adobe three months to release the patch. I think it is delayed for too long. On the blog entry, Didier confirms that Adobe has completely fixed the flaw. Thus, I decide to check the patch carefully, and the patch turns out to be incomplete.
Firstly, I check the exploited PDF file with the latest version of Adobe Reader.
Before version 9.3.3 [...]
Continued here: http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/