BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Adobe ActiveX

Disclosed November 28, 2006    No Patch Available

Vulnerability Description:

Multiple vulnerabilities have been disclosed by FrSIRT that describe vulnerable methods within the Adobe Acrobat/Reader ActiveX control. Although there was no supplied proof of concept for these vulnerabilities, releasing the method names as well as the fact that they are ‘memory corruption’ errors and ‘could be exploited by attackers to take complete control of an affected system’ without a vendor-supplied patch will put many Adobe users at risk.

Vendors:

Adobe

Vulnerable Software/Devices:

Adobe Reader 7.0.0 - 7.0.8
Adobe Acrobat Standard/Professional 7.0.0 - 7.0.8

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Blink® Personal Edition protects from this vulnerability.
BeyondTrust's Blink® Professional Edition protects from this vulnerability.
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

Patch:
APSB06-20: Update available for potential vulnerabilities in Adobe Reader and Adobe Acrobat 7

Mitigation:

Now that a patch is released, the best form of mitigation is to install the patch from Adobe. Note that users who cannot upgrade to Adobe Reader 8 must manually replace the vulnerable DLL on their system.
Prior to the patch, the best form of mitigation was to set the kill bit on the CLSID for the Adobe ActiveX control (CA8A9780-280D-11CF-A24D-444553540000), following the directions in KB240797. This disables calls to the ActiveX control from web pages, but still allows PDF documents to be displayed within web browsers when they are browsed to directly.
In the vendor response, Adobe suggests removing the AcroPDF.dll file. This is another form of mitigation which will cause all PDF documents to be opened outside of a web browser with Acrobat directly, but may prove to be a difficult mitigation deployment in large enterprises when compared to the registry-based kill-bit solution.
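
The registry-based kill-bit mitigation described above, as an added PowerShell example (not part of the original advisory, and not BeyondTrust or Adobe tooling). The registry location and the 0x400 flag are the standard kill-bit mechanism documented in KB240797; the function names are hypothetical, and the script assumes an elevated prompt.

```powershell
# Added example: set and verify the Internet Explorer kill bit for one ActiveX CLSID.
# Function names are hypothetical; run from an elevated PowerShell prompt.
$Clsid   = '{CA8A9780-280D-11CF-A24D-444553540000}'   # CLSID given in this advisory
$KillBit = 0x00000400                                  # kill-bit flag per KB240797
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit registry view on 64-bit Windows; skipped below if it does not exist
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags([string]$KeyPath) {
    # Return the current "Compatibility Flags" value, or 0 if the key or value is missing.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return $item.'Compatibility Flags'
}

function Set-KillBit([string]$Root, [string]$Clsid) {
    if (-not (Test-Path -LiteralPath $Root)) { return $null }   # registry view not present
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    # OR the bit in so that any compatibility flags already set are preserved.
    $new = (Get-CompatFlags $key) -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new `
        -PropertyType DWord -Force | Out-Null
    return $key
}

foreach ($root in $Roots) {
    $key = Set-KillBit -Root $root -Clsid $Clsid
    if ($null -eq $key) { continue }
    # Read the value back so the result reflects what is actually in the registry.
    $flags = Get-CompatFlags $key
    $state = if (($flags -band $KillBit) -ne 0) { 'kill bit set' } else { 'KILL BIT MISSING' }
    '{0}: 0x{1:X8} ({2})' -f $key, $flags, $state
}
```

In an enterprise the same value would normally be pushed through Group Policy or a software-distribution tool; the read-back step is the part worth keeping for compliance checks.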

Links:

Vendor Response (Adobe)
Original Disclosure (FrSIRT)

CVE(s):

None
