Windows 7: Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit.

12 Sep 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 

Quote:

Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit

Background on the exploit

As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP).

Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on. Without ASLR, this DLL is always going to be loaded at a predictable address and can be leveraged by an exploit. In the below screenshot we use Process Explorer to show what this looks like.





Find more information on the importance of enabling ASLR in your products at http://msdn.microsoft.com/en-us/library/bb430720.aspx.

How EMET 2.0 blocks the exploit

The good news is that if you have the Enhanced Mitigation Experience Toolkit 2.0 (EMET) enabled for AcroRd32.exe, it blocks this exploit. This happens thanks to two different mitigations:
More -
Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit - Security Research & Defense - Site Home - TechNet Blogs


12 Sep 2010   #2
HQuest

Windows 7 Ultimate x64 SP1 | OSX Lion 10.7 x64
 
 

A very, very interesting tool. Thanks JMH for the heads up.
