Microsoft Helps Adobe Block PDF Zero-Day Exploit

CWmike writes "Microsoft has urged Windows users to block ongoing attacks against Adobe's popular PDF viewer by deploying one of Microsoft's enterprise tools. Adobe echoed Microsoft's advice, saying the Enhanced Migration Experience Toolkit (EMET) would stymie attacks targeting Reader and Acrobat. Called 'scary' and 'clever,' the in-the-wild exploit went public last week when security researcher Mila Parkour reported it to Adobe after analyzing a rogue PDF document attached to spam. Adobe first warned users Wednesday of the threat, but at the time gave users no advice on how to protect themselves until a patch was ready. Microsoft stepped in on Friday. 'The good news is that if you have EMET enabled ... it blocks this exploit,' said Fermin Serna and Andrew Roths, two engineers with the Microsoft Security Response Center in an entry on the group's blog." A Symantec blog post suggests the people exploiting this vulnerability may be the 'Aurora' group responsible for the attacks on Google late last year.

Re:Its not zero day ...

[mcgrew]

When you're well past a week old, why the fuck do you keep calling it 0 day?

Because it was exploitable on day zero. It's a week old zero day exploit.

ASLR

[js3]

According to the article..

  "Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on."

So enable ASLR on the effing DLL and release a patch, problem solved? Nothing would make me work overtime and on the weekend than a highly visible level 1 bug. Adobe developers must have it good!