
McAfee Labs Security Advisory: MTIS09-132

December 16, 2009

MTIS09-132
Executive Summary
Since the last McAfee® Labs Security Advisory (December 15), the following noteworthy event has taken place:
  • A remote code execution vulnerability in Adobe products has been publicly disclosed.

McAfee product coverage for this event:

McAfee Product Coverage *

| Threat | Name | Importance | DAT | BOP | Host IPS | McAfee Network Security Platform | McAfee Vulnerability Manager | MNAC 2.x | McAfee Remediation Manager | McAfee Policy Auditor SCAP | MNAC SCAP |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| MTIS09-132-A | Adobe PDF JS RCE | High | Pend | N/A | Exp | Yes | Pend | No | N/A | UA | UA |

Adobe Acrobat JavaScript PDF Code Execution Vulnerability[MTIS09-132-A]
 
Threat Identifier(s): CVE-2009-4324
Threat Type: Vulnerability
Risk Assessment: High
Main Threat Vectors: E-Mail; Web; Locally logged-on user
User Interaction Required: Yes
Description: A vulnerability in Adobe Acrobat and Adobe Acrobat Reader may allow remote code execution. The flaw is specific to Acrobat and Acrobat Reader Versions 9.2 and earlier on Windows, Mac OS X, and Unix platforms. Upon exploitation, an attacker could potentially take full control of a vulnerable system. Reports state that this vulnerability is being actively exploited in the wild. Various proof-of-concept exploits also exist.
Importance: High. This threat has gained media attention. Active exploitation has been reported from the field.
McAfee Product Coverage *
   DAT files: Coverage will be provided as Exploit-PDF.ag in the 5834 DAT files, releasing December 16. An EXTRA.DAT is currently available via the EXTRA.DAT request page at https://www.webimmune.net/extra/getextra.aspx
   VSE BOP: Out of scope
   Host IPS: Generic buffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security Platform: The UDS release of December 15 includes the signature "HTTP: Adobe Acrobat JavaScript PDF Code Execution Vulnerability," which provides coverage. The signature "HTTP: Generic PDF Evasion," released June 25, provides partial coverage.
   McAfee Vulnerability Manager: An upcoming FSL/MVM package will include a vulnerability check to assess if your systems are at risk.
   MNAC 2.x: Coverage not warranted at this time
   McAfee Remediation Manager: Coverage not warranted at this time
   McAfee Policy Auditor SCAP: Under analysis
   MNAC SCAP: Under analysis
Additional Information:
  • Adobe: Security Advisory for Adobe Reader and Acrobat
  • The Register: Unpatched PDF flaw harnessed to launch targeted attacks

Detailed descriptions of the Security Advisories can be found in the Users Guide: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_UsersGuide.pdf

For more information on McAfee Avert Labs Security Advisories, see: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_FAQ.pdf

For McAfee Technical Support, click here.

For Multi-National Phone Support, click here.

McAfee values your feedback on this Security Advisory. Please reply to this mail with your comments.

*The information provided is only for the use and convenience of McAfee's customers in connection with their McAfee products, and applies only to the threats described herein. McAfee product coverage statements are limited to known attack vectors and should not be considered comprehensive. THE INFORMATION PROVIDED HEREIN IS PROVIDED "AS IS" AND IS SUBJECT TO CHANGE WITHOUT NOTICE.

The information contained herein is the property of McAfee, Inc. and may not be reproduced or disseminated without the expressed written consent of McAfee, Inc.

McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054 888.847.8766 www.mcafee.com

® 2009 McAfee, Inc. All rights reserved.
Version history: Revision 1 of 1. Last update: 12-18-2009 08:18 AM