Zero Day Vulnerability Hits Adobe

A new zero-day vulnerability, first disclosed on Monday, affects the latest versions of Adobe Acrobat and Reader. The bug might allow an attacker to remotely exploit machines.

"Analysis shows that malicious PDF documents invoke a function call to Doc.printSeps() to take advantage of the vulnerability. Proof of concept code plants shell code in memory using heap spraying to exploit the vulnerability." said Websense, which first reported the flaw to Adobe.

According to vulnerability research firm Vupen Security, which first publicly disclosed the critical vulnerability, attackers could exploit the flaw "to crash an affected application or compromise a vulnerable system by tricking a user into opening a specially crafted PDF file."

Vupen said it confirmed the vulnerability affects Adobe Reader version 9.4 running on either Windows 7 or Windows XP SP3. In addition, it said Reader version 8.2.5 (and prior), Adobe Acrobat version 9.4 (and prior) and Adobe Acrobat version 8.2.5 (and prior) are also affected.

Adobe acknowledged a "potential" vulnerability and said that "arbitrary code execution has not been demonstrated, but may be possible." It also said that while Reader was affected, Acrobat was not.

To prevent the vulnerability from being exploited, Adobe recommended using the JavaScript Blacklist Framework -- introduced in versions 9.2 and 8.1.7 of Reader -- which provides "granular control over the execution of specific JavaScript APIs." Vupen, on the other hand, as a workaround recommends completely disabling JavaScript in Acrobat and Reader.

Websense said that, to date, no attacks using the exploit have been seen in the wild.

Adobe is set to release patched versions of Adobe Reader and Acrobat versions 9.x the week of Nov. 15.