Windows 7 Forums


Windows 7: Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit.


12 Sep 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 

Quote:

Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit

Background on the exploit

As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP).

Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on. Without ASLR, this DLL is always going to be loaded at a predictable address and can be leveraged by an exploit. In the below screenshot we use Process Explorer to show what this looks like.





Find more information on the importance of enabling ASLR in your products at http://msdn.microsoft.com/en-us/library/bb430720.aspx.

How EMET 2.0 blocks the exploit

The good news is that if you have the Enhanced Mitigation Experience Toolkit 2.0 (EMET) enabled for AcroRd32.exe, it blocks this exploit. This happens thanks to two different mitigations:
More -
Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit - Security Research & Defense - Site Home - TechNet Blogs



12 Sep 2010   #2

Windows 7 Ultimate x64 SP1 | OSX Lion 10.7 x64
 
 

A very, very interesting tool. Thanks JMH for the heads up.