News is circulating that another zero-day vulnerability has been found in the Adobe Acrobat PDF file format. It appears to affect all versions of PDF files. Given the widespread use of PDF files and their recent use in spam emails from the Storm botnet, this could pose a serious threat to many computer systems.
Details are not yet available on how this vulnerability works or how best to protect against it. The vulnerability has been reported to Adobe, but until a patch has been released no details are being given apart from the following information supplied by the person who discovered the vulnerability:
Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box. Completely!!! Invisibly and unwillingly!!! All it takes is to open a PDF document or stumble across a page which embeds one.
My advice for you is not to open any PDF files (locally or remotely). Other PDF viewers might be vulnerable too. The issue was verified on Windows XP SP2 with the latest Adobe Reader 8.1, although previous versions are also affected.
A YouTube video of the exploit in action is also available, ZDNET has some information, and the SANS Internet Storm Center is looking for more information.
My advice is similar to that given in the Reader and Weep blog post regarding another vulnerability found in the Adobe Acrobat Reader earlier this year. Until a patch is available or more information is forthcoming on how to protect against this threat, the following may be useful:
- Educate users about the dangers and advise them not to click on any links to .PDF files hosted on the Internet, especially links in emails from untrusted or unverified sources.
- When browsing the web, alert users to be wary of links leading to .PDF files.
- The above could be reinforced by using your email and Internet content filtering systems to block, or quarantine, any emails or web traffic with PDF files as attachments.
- I suggest holding a discussion with senior management within your organisation to highlight the problem so that a valid risk assessment can be made. Based on that discussion, the steps to mitigate the problem should be decided and implemented.
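One way to implement the email-side check from the third bullet, as an added example that is not part of the original post. The function names, addresses and sample messages are constructed for illustration; the check flags a PDF by declared content type, by file extension, or by the `%PDF-` header in the payload, so a renamed attachment is still caught.

```python
import email
from email import policy
from email.message import EmailMessage

PDF_MAGIC = b"%PDF-"  # Adobe readers accept this header within the first 1024 bytes

def pdf_parts(msg):
    """Return (filename, reason) for every MIME leaf part that looks like a PDF."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if part.get_content_type() == "application/pdf":
            hits.append((name, "content-type"))
        elif name.lower().endswith(".pdf"):
            hits.append((name, "extension"))
        elif PDF_MAGIC in payload[:1024]:
            hits.append((name, "magic-bytes"))  # mislabelled or renamed PDF
    return hits

def verdict(raw_bytes):
    """Decide what a mail filter should do with one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = pdf_parts(msg)
    return ("quarantine" if hits else "deliver", hits)

def sample(filename, maintype, subtype, data):
    """Build a constructed test message with a single attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    cases = [
        sample("invoice.pdf", "application", "pdf", b"%PDF-1.4\n"),
        sample("notes.dat", "application", "octet-stream", b"%PDF-1.7\n"),
        sample("photo.png", "image", "png", b"\x89PNG\r\n\x1a\n"),
    ]
    for raw in cases:
        print(verdict(raw))
```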