tag
Adobe

Adobe: Wake Up & Smell the Javascript

Ever since Adobe’s recent updates to Acrobat and Reader, I’ve been irritated by the fact that every time I open a PDF, I’m prompted to  re-enable JavaScript, which I disabled while we were all waiting patiently for those patches to the last round of vulnerabilities. "This document contains JavaScripts. Do you want to enable JavaScripts

Targeted Malware and Microsoft

Microsoft issued an advisory last week – Microsoft Security Advisory (969136) "Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution" – that "could allow remote code execution if a user opens a specially crafted PowerPoint file." The advisory uses very similar language to Microsoft’s recent advisory on an Excel vulnerability, referring to "only…limited and

Adobe Reader & Acrobat: Updates on Updates

Well, I’ve still had no information about updates to address the recent Acrobat vulnerability/exploits to either of the addresses I subscribed to Adobe’s Security Notification Service. However, the RSS feed here does work. Which is how I know that Acrobat Reader 9.1 and 8.1.4 for Unix were released yesterday, right on time. As expected, these address the

Adobe Patches & Communication

Well, Adobe are still not speaking to me: I’ve had no information about updates to address the recent Acrobat vulnerability/exploits to either of the addresses I subscribed to its Security Notification Service. (See PPPS below.) However, something positive is happening out there in the old clay homestead: updates have arrived for a machine on which

Patches Despatches

In a previous blog relating to Acrobat vulnerabilities, I suggested that you might want to sign up for Adobe’s alerts service. I did, but still haven’t received any news from it. However, it appears that The Register (or one of its sources) did, so I’m nevertheless aware that Adobe has released updates to address the

Excel Exasperation, Acrobat Aggro

As The Register has pointed out, the Microsoft Security Bulletin Advance Notification for March 2009 doesn’t mention a forthcoming patch for the Excel vulnerability we’ve already flagged in this blog here and here and here. Since, as John Leyden remarks, the exploit is being actively exploited, it may seem that Microsoft are not taking the issue seriously

Acrobat Amendment

A reminder about about the Acrobat reader vulnerability we blogged about several times recently (http://www.eset.com/threat-center/blog/?p=593, http://www.eset.com/threat-center/blog/?p=579, http://www.eset.com/threat-center/blog/?p=572). Remember I said "As we’ve said previously, disabling JavaScript, while it doesn’t address the underlying vulnerability, stops known exploits from working properly"? Predictably, there are now known exploits that don’t use the JavaScript heap spray trick. While I’m

EXcel EXploits

Our guys in Bratislava have issued a press release about one of the latest examples of the current wave of Excel exploits, which we detect as X97M/TrojanDropper.Agent.NAI. When the malicious Excel document is opened, it drops the backdoor Trojan we call Win32/Agent.NVV, which allows a remote attacker to get access to and some control over the

More Acrobatics

For the geekier among us wanting or needing to know more about the Adobe vulnerability that Randy and I both blogged on yesterday, here are a few resources: More from Shadowserver at http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090221 As we’ve said previously, disabling JavaScript, while it doesn’t address the underlying vulnerability, stops known exploits from working properly. There are rules

The Perils of PDF

Security issues with PDFs are nothing new, as a skim through past Adobe security bulletins and advisories indicates. (This isn’t a criticisim of Adobe: it’s inevitable that security issues will surface from time to time in sophisticated, function-rich software, and Adobe are clearly aware of the need to address the problems as they arise.) In

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

ESET Virus Radar

Archives

Select month
Copyright © 2013 ESET, All Rights Reserved.