McAfee Labs Security Advisory: MTIS09-132

Version 1
    December 16, 2009

    MTIS09-132
    Executive Summary
    Since the last McAfee® Labs Security Advisory (December 15), the following noteworthy event has taken place:
    • A remote code execution vulnerability in Adobe products has been publicly disclosed.

    McAfee product coverage for this event:

    McAfee Product Coverage *
       Threat: MTIS09-132-A
       Name: Adobe PDF JS RCE
       Importance: High
       DAT: Pend
       BOP: N/A
       Host IPS: Exp
       McAfee Network Security Platform: Yes
       McAfee Vulnerability Manager: Pend
       MNAC 2.x: No
       McAfee Remediation Manager: N/A
       McAfee Policy Auditor SCAP: UA
       MNAC SCAP: UA

    Adobe Acrobat JavaScript PDF Code Execution Vulnerability [MTIS09-132-A]

    Threat Identifier(s): CVE-2009-4324
    Threat Type: Vulnerability
    Risk Assessment: High
    Main Threat Vectors: E-Mail; Web; Locally logged-on user
    User Interaction Required: Yes
    Description
    A vulnerability in Adobe Acrobat and Adobe Acrobat Reader may allow remote code execution. The flaw is specific to Acrobat and Acrobat Reader Versions 9.2 and earlier on Windows, Mac OS X, and Unix platforms. Upon exploitation, an attacker could potentially take full control of a vulnerable system. Reports state that this vulnerability is being actively exploited in the wild. Various proof-of-concept exploits also exist.
    Importance: High. This threat has gained media attention. Active exploitation has been reported from the field.
    McAfee Product Coverage *
       DAT files: Coverage will be provided as Exploit-PDF.ag in the 5834 DAT files, releasing December 16. An EXTRA.DAT is currently available via the EXTRA.DAT request page at https://www.webimmune.net/extra/getextra.aspx
       VSE BOP: Out of scope
       Host IPS: Generic buffer overflow protection is expected to cover code-execution exploits.
       McAfee Network Security Platform: The UDS release of December 15 includes the signature "HTTP: Adobe Acrobat JavaScript PDF Code Execution Vulnerability," which provides coverage. The signature "HTTP: Generic PDF Evasion," released June 25, provides partial coverage.
       McAfee Vulnerability Manager: An upcoming FSL/MVM package will include a vulnerability check to assess if your systems are at risk.
       MNAC 2.x: Coverage not warranted at this time
       McAfee Remediation Manager: Coverage not warranted at this time
       McAfee Policy Auditor SCAP: Under analysis
       MNAC SCAP: Under analysis
    Additional Information:
       Adobe: Security Advisory for Adobe Reader and Acrobat
       The Register: Unpatched PDF flaw harnessed to launch targeted attacks

    Detailed descriptions of the Security Advisories can be found in the Users Guide: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_UsersGuide.pdf

    For more information on McAfee Avert Labs Security Advisories, see: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_FAQ.pdf

    For McAfee Technical Support, click here.

    For Multi-National Phone Support, click here.

    McAfee values your feedback on this Security Advisory. Please reply to this mail with your comments.

    *The information provided is only for the use and convenience of McAfee's customers in connection with their McAfee products, and applies only to the threats described herein. McAfee product coverage statements are limited to known attack vectors and should not be considered comprehensive. THE INFORMATION PROVIDED HEREIN IS PROVIDED "AS IS" AND IS SUBJECT TO CHANGE WITHOUT NOTICE.

    The information contained herein is the property of McAfee, Inc. and may not be reproduced or disseminated without the expressed written consent of McAfee, Inc.

    McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

    McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054 888.847.8766 www.mcafee.com

    ® 2009 McAfee, Inc. All rights reserved.