JMH
Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit
Background on the exploit
As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP).
Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on. Without ASLR, this DLL is always going to be loaded at a predictable address and can be leveraged by an exploit. In the below screenshot we use Process Explorer to show what this looks like.
Find more information on the importance of enabling ASLR in your products at http://msdn.microsoft.com/en-us/library/bb430720.aspx.
How EMET 2.0 blocks the exploit
The good news is that if you have the Enhanced Mitigation Experience Toolkit 2.0 (EMET) enabled for AcroRd32.exe, it blocks this exploit. This happens thanks to two different mitigations:
Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit - Security Research & Defense - Site Home - TechNet Blogs
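Added example, not code from the post or from the SRD blog: a small Python parser that reads the DllCharacteristics field of a PE file's optional header to tell whether an image opted in to ASLR (IMAGE_DLLCHARACTERISTICS_DYNAMICBASE) and DEP (IMAGE_DLLCHARACTERISTICS_NX_COMPAT), which is the same property the Process Explorer ASLR column shows for icucnv36.dll. The `build_test_image` function assembles a constructed header for testing only; it is not a real DLL.

```python
import struct

DYNAMICBASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMICBASE: image opts in to ASLR
NX_COMPAT = 0x0100    # IMAGE_DLLCHARACTERISTICS_NX_COMPAT: image opts in to DEP

def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field from a PE image's optional header."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image (missing PE signature)")
    opt = e_lfanew + 4 + 20  # skip 4-byte signature and 20-byte COFF file header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header for both PE32 and PE32+
    return struct.unpack_from("<H", image, opt + 70)[0]

def aslr_report(image: bytes) -> dict:
    """Summarise the two opt-in flags the exploit discussion cares about."""
    flags = dll_characteristics(image)
    return {"aslr": bool(flags & DYNAMICBASE), "dep": bool(flags & NX_COMPAT)}

def build_test_image(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (not a loadable module) used to exercise the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header directly after DOS header
    opt_size = 240 if pe32plus else 224
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics (DLL | EXECUTABLE_IMAGE)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

def scan_files(paths):
    """Report ASLR/DEP opt-in for DLLs on disk, e.g. the Reader install directory."""
    for p in paths:
        with open(p, "rb") as f:
            r = aslr_report(f.read())
        print(f"{p}: ASLR={'yes' if r['aslr'] else 'NO'} DEP={'yes' if r['dep'] else 'NO'}")

if __name__ == "__main__":
    import sys
    scan_files(sys.argv[1:])
```

Run it against the DLLs in an application's install directory to find modules that, like icucnv36.dll here, load at a fixed address and so weaken ASLR for the whole process.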