Technical Cyber Security Alert TA08-043A has just been issued by US-CERT warning of multiple vulnerabilities affecting Adobe Reader and Acrobat.
The vulnerabilities affect Adobe Reader version 8.1.1 and earlier as well as Adobe Acrobat Professional, 3D, and Standard versions 8.1.1 and earlier. The worst of the vulnerabilities could potentially allow an attacker to execute arbitrary code on a user’s PC.
According to US-CERT’s advisory (which is based in part on Adobe Security advisory APSA08-01):
An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) file. Acrobat integrates with popular web browsers, and visiting a web site is usually sufficient to cause Acrobat to load PDF content.
US-CERT also notes that it is currently aware of exploits in the wild for the Adobe vulnerabilities and that at least one of the vulnerabilities is being actively exploited.
The Internet Storm Center (ISC) at SANS has been aware of exploits in the wild since at least Feb 9th. According to SANS, at least one of the vulnerabilities was reported to Adobe as early as October of 2007, with iDefense advisory #464641 titled ‘Adobe Reader Buffer Overflow Vulnerability’.
ISC handler Raul Siles also notes that even users with anti-virus are at risk:
No anti-virus vendors currently detect the malicious PDF files though we have provided samples to all. This type of exploit works for both web browser and email attack vectors. Exploitation affects all 7.x versions of Adobe Acrobat Reader and versions prior to 8.1.2. Complete mitigation requires upgrading to Adobe Acrobat 8.1.2.
So if you’re running Acrobat (and you probably are), make sure that you’re running 8.1.2, and if you’re not, go and get it!