Adobe Reader and Acrobat Issue update

This is an update on the Adobe Reader and Acrobat issue (CVE-2009-0658) discussed in Security Advisory APSA09-01. As mentioned previously, Adobe currently plans to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th. In addition, Adobe is also planning to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18th.
We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Keeping this in mind, should users choose to disable JavaScript, it can be accomplished following the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
In addition, Adobe continues its contact with Antivirus and Security vendors on this issue in order to ensure the security of our mutual customers. We are now able to report that the following Antivirus and Security vendors and related products provide protections and information regarding this vulnerability:
Bitdefender
BitDefender has provided info that their customers using the following products are protected from attacks against this exploit:
• BitDefender Antivirus 2009: http://www.bitdefender.com/PRODUCT-2216-en–BitDefender-Antivirus-2009.html
• BitDefender Internet Security 2009: http://www.bitdefender.com/PRODUCT-2217-en–BitDefender-Internet-Security-2009.html
• BitDefender Total Security 2009: http://www.bitdefender.com/PRODUCT-2214-en–BitDefender-Total-Security-2009.html
Checkpoint:
Check Point customers using Check Point Security Gateway products are protected from attacks exploiting this vulnerability, provided that the appropriate protection is activated. For more details and precise list of products, see http://www.checkpoint.com/defense/advisories/public/2009/sbp-24-Feb.html
F-Secure
F-Secure Anti-Virus 2009:
http://www.f-secure.com/home_user/products_a-z/fsav2009.html
F-Secure Internet Security 2009:
http://www.f-secure.com/home_user/products_a-z/fsis2009.html
F-Secure Client Security:
http://www.f-secure.com/small_businesses/products/fscs.html
F-Secure Online Scanner (free to use):
http://support.f-secure.com/enu/home/ols.shtml
F-Secure Anti-Virus for Windows Servers:
http://www.f-secure.com/small_businesses/products/fsavsrv.html
F-Secure Internet Gatekeeper (Windows and Linux)
http://www.f-secure.com/small_businesses/products/fsigk.html
F-Secure Anti-Virus for MS Exchange:
http://www.f-secure.com/small_businesses/products/fsavmse.html
F-Secure Secure Messaging Gateway:
http://www.f-secure.com/small_businesses/products/fsmsgx.html
McAfee:
Enterprise: http://www.mcafee.com/us/enterprise/products/system_security/servers/virusscan_enterprise.html
Consumer: http://us.mcafee.com/
Desktop: http://www.mcafee.com/us/enterprise/products/system_security/clients/host_intrusion_prevention_desktop_server.html
Server: http://www.mcafee.com/us/enterprise/products/system_security/servers/host_intrusion_prevention_server.html
Intrushield – Network IPS: http://www.mcafee.com/us/enterprise/products/network_intrusion_prevention/network_security_platform.html
Microsoft:
Microsoft Corporation products protecting against Exploit:Win32/Pidief and variants:
Microsoft Forefront Client Security
Microsoft Windows Live OneCare
Microsoft Windows Live OneCare safety scanner
Sophos
Here is the list of Sophos products that protect in one way or another against exploits attempting to exploit the vulnerability:
Sophos Endpoint Security and Control – http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0/ using HIPS buffer overflow protection and anti-malware protection engine.
Sophos Web Security Appliance – http://www.sophos.com/products/enterprise/web/security-and-control/, using anti-malware protection engine and URL filtering.
Sophos PureMessage (all platforms) – http://www.sophos.com/products/enterprise/email/security-and-control/, using anti-malware and anti-spam protection engines.
Symantec:
Norton Antivirus 2009 (and earlier supported version) http://www.symantec.com/norton/antivirus
Norton Internet Security 2009 (and earlier supported version) http://www.symantec.com/norton/internet-security
Norton 360 http://www.symantec.com/norton/360
Symantec Endpoint Protection 11 http://www.symantec.com/business/endpoint-protection
Symantec AntiVirus 10 (and earlier supported version) http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for CacheFlow Security Gateway http://www.symantec.com/business/antivirus-for-caching
Symantec AntiVirus for Inktomi Traffic Edge http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for NetApp Filer/NetCache http://www.symantec.com/business/security_response/definitions.jsp
Symantec Mail Security for Domino v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-domino
Symantec Mail Security for Microsoft Exchange v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-microsoft-exchange
Symantec Mail Security for SMTP v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-smtp
Symantec Web Security 3.0 (and earlier supported version) http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Bluecoat Security Gateway http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Clearswift MIMESweeper http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Microsoft ISA Server http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus Scan Engine http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Linux http://www.symantec.com/business/endpoint-protection
Symantec Brightmail Gateway http://www.symantec.com/business/brightmail-gateway

Sourcefire:

Users/Customers of Sourcefire, Snort and ClamAV are protected against this vulnerability.
Sourcefire 3D System
http://www.sourcefire.com/products/snort/rules/advisories/sa022009.html
OpenSource Snort
http://www.snort.org/vrt/advisories/vrt-rules-2009-02-20.html
http://www.snort.org/vrt/advisories/vrt-rules-2009-02-24.html
ClamAV
http://www.clamav.net
Trend Micro:
Product link: http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/index.html
Overview: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPIDIEF%2EIN
We will continue to provide updates on this issue via Adobe’s Security Advisory and the PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights

Comments are closed.