 | |
| |
| 12 Sep 2010 | #1 |
| | Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit. Quote: Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit Background on the exploit As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP). Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on. Without ASLR, this DLL is always going to be loaded at a predictable address and can be leverage by an exploit. In the below screenshot we use Process Explorer to show what this looks like.  Find more information on the importance of enabling ASLR in your products at http://msdn.microsoft.com/en-us/library/bb430720.aspx. How EMET 2.0 blocks the exploit The good news is that if you have the Enhanced Mitigation Experience Toolkit 2.0 (EMET) enabled for AcroRd32.exe, it blocks this exploit. This is happens thanks to two different mitigations: Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit - Security Research & Defense - Site Home - TechNet Blogs |
My System Specs | |
| 12 Sep 2010 | #2 |
| | A very, very interesting tool. Thanks JMH for the heads up. |
| My System Specs |
 |
Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit. problems?
| Thread Tools | |
| Similar help and support threads for: Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit. | ||||
| Thread | Forum | |||
| Win 7 64-bit and problems with Adobe Reader/Acrobat | Software | |||
| Help with Adobe Acrobat Reader magnification | Software | |||
| Adobe Acrobat Reader Upgrade | System Security | |||
| New zero-day exploit targets Adobe Reader | News | |||
| Adobe Reader and Acrobat Update 9.1 | News | |||
All times are GMT -5. The time now is 05:59 PM.
