Does the script blocker program account for the security issue in Adobe’s PDF Javascript?
Edit:
The new one I meant to reference.
Ref: http://threatpost.com/en_us/blogs/attackers-targeting-unpatched-adobe-flaws-121509
Derek
Does the script blocker program account for the security issue in Adobe’s PDF Javascript?
Edit:
The new one I meant to reference.
Ref: http://threatpost.com/en_us/blogs/attackers-targeting-unpatched-adobe-flaws-121509
Derek
Adobe advises users to turn off JavaScript in Reader or Acrobat until they issue a patch. Go to Edit-Preferences-JavaScript and uncheck the enable button.
For about 100 Users, without a GPO server it is a bit annoying. I asked for Avast’s ability to protect the computer from this. We have the Pro Version.
A member of the Avast team will have to answer that. As of Dec. 14 Avast did not detect it.
Excerpts from Shadowserver Foundation: http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
Exploit Details
We can tell you that this exploit is in the wild and is actively being used by attackers and has been in the wild since at least December 11, 2009. However, the number of attacks are limited and most likely targeted in nature. Expect the exploit to become more wide spread in the next few weeks and unfortunately potentially become fully public within the same timeframe. We are fully aware of all the details related to the exploit but do not plan to publish them for a few reasons:
With that said we can tell you that this vulnerability is actually in a JavaScript function within Adobe Acrobat [Reader] itself. Furthermore the vulnerable JavaScript is obfuscated inside a zlib stream making universal detection and intrusion detection signatures much more difficult.
Antivirus detection should improve in the coming weeks and hopefully a patch. Right now only 5 out of the 41 different Antivirus vendors used by Virustotal are detecting this threat. Even then their detection appears to be generic and is not currently specifically detecting this exploit. The 5 vendors to detect the threat are:
* (McAfee-GW-Edition) *note this is not the same as McAfee Desktop or Mail Server Edition
* (eSafe)
* (NOD32)
* (AntiVir)
* (Kaspersky)