This is an update on the Adobe Reader and Acrobat issue (CVE-2009-0658) discussed in Security Advisory APSA09-01. As mentioned previously, Adobe currently plans to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th. In addition, Adobe is also planning to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18th.
We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Keeping this in mind, should users choose to disable JavaScript, it can be accomplished following the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
In addition, Adobe continues its contact with Antivirus and Security vendors on this issue in order to ensure the security of our mutual customers. We are now able to report that the following Antivirus and Security vendors and related products provide protections and information regarding this vulnerability:
Bitdefender
BitDefender has provided info that their customers using the following products are protected from attacks against this exploit:
• BitDefender Antivirus 2009: http://www.bitdefender.com/PRODUCT-2216-en–BitDefender-Antivirus-2009.html
• BitDefender Internet Security 2009: http://www.bitdefender.com/PRODUCT-2217-en–BitDefender-Internet-Security-2009.html
• BitDefender Total Security 2009: http://www.bitdefender.com/PRODUCT-2214-en–BitDefender-Total-Security-2009.html
Checkpoint:
Check Point customers using Check Point Security Gateway products are protected from attacks exploiting this vulnerability, provided that the appropriate protection is activated. For more details and precise list of products, see http://www.checkpoint.com/defense/advisories/public/2009/sbp-24-Feb.html
F-Secure
F-Secure Anti-Virus 2009:
http://www.f-secure.com/home_user/products_a-z/fsav2009.html
F-Secure Internet Security 2009:
http://www.f-secure.com/home_user/products_a-z/fsis2009.html
F-Secure Client Security:
http://www.f-secure.com/small_businesses/products/fscs.html
F-Secure Online Scanner (free to use):
http://support.f-secure.com/enu/home/ols.shtml
F-Secure Anti-Virus for Windows Servers:
http://www.f-secure.com/small_businesses/products/fsavsrv.html
F-Secure Internet Gatekeeper (Windows and Linux)
http://www.f-secure.com/small_businesses/products/fsigk.html
F-Secure Anti-Virus for MS Exchange:
http://www.f-secure.com/small_businesses/products/fsavmse.html
F-Secure Secure Messaging Gateway:
http://www.f-secure.com/small_businesses/products/fsmsgx.html
McAfee:
Enterprise: http://www.mcafee.com/us/enterprise/products/system_security/servers/virusscan_enterprise.html
Consumer: http://us.mcafee.com/
Desktop: http://www.mcafee.com/us/enterprise/products/system_security/clients/host_intrusion_prevention_desktop_server.html
Server: http://www.mcafee.com/us/enterprise/products/system_security/servers/host_intrusion_prevention_server.html
Intrushield – Network IPS: http://www.mcafee.com/us/enterprise/products/network_intrusion_prevention/network_security_platform.html
Microsoft:
Microsoft Corporation products protecting against Exploit:Win32/Pidief and variants:
Microsoft Forefront Client Security
Microsoft Windows Live OneCare
Microsoft Windows Live OneCare safety scanner
Sophos
Here is the list of Sophos products that protect in one way or another against exploits attempting to exploit the vulnerability:
Sophos Endpoint Security and Control – http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0/ using HIPS buffer overflow protection and anti-malware protection engine.
Sophos Web Security Appliance – http://www.sophos.com/products/enterprise/web/security-and-control/, using anti-malware protection engine and URL filtering.
Sophos PureMessage (all platforms) – http://www.sophos.com/products/enterprise/email/security-and-control/, using anti-malware and anti-spam protection engines.
Symantec:
Norton Antivirus 2009 (and earlier supported version) http://www.symantec.com/norton/antivirus
Norton Internet Security 2009 (and earlier supported version) http://www.symantec.com/norton/internet-security
Norton 360 http://www.symantec.com/norton/360
Symantec Endpoint Protection 11 http://www.symantec.com/business/endpoint-protection
Symantec AntiVirus 10 (and earlier supported version) http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for CacheFlow Security Gateway http://www.symantec.com/business/antivirus-for-caching
Symantec AntiVirus for Inktomi Traffic Edge http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for NetApp Filer/NetCache http://www.symantec.com/business/security_response/definitions.jsp
Symantec Mail Security for Domino v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-domino
Symantec Mail Security for Microsoft Exchange v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-microsoft-exchange
Symantec Mail Security for SMTP v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-smtp
Symantec Web Security 3.0 (and earlier supported version) http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Bluecoat Security Gateway http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Clearswift MIMESweeper http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Microsoft ISA Server http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus Scan Engine http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Linux http://www.symantec.com/business/endpoint-protection
Symantec Brightmail Gateway http://www.symantec.com/business/brightmail-gateway
Sourcefire:
Users/Customers of Sourcefire, Snort and ClamAV are protected against this vulnerability.
Sourcefire 3D System
http://www.sourcefire.com/products/snort/rules/advisories/sa022009.html
OpenSource Snort
http://www.snort.org/vrt/advisories/vrt-rules-2009-02-20.html
http://www.snort.org/vrt/advisories/vrt-rules-2009-02-24.html
ClamAV
http://www.clamav.net
Trend Micro:
Product link: http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/index.html
Overview: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPIDIEF%2EIN
We will continue to provide updates on this issue via Adobe’s Security Advisory and the PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights
Categories
Archives
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
-
Recent Posts
Blogroll
- ASSET Blog Adobe Secure Software Engineering Team
Pages
Adobe Product Security Incident Response Team (PSIRT) Blog