SANS ISC InfoSec Handlers Diary Blog



Adobe mailto vulnerability

Published: 2007-10-09
Last Updated: 2007-10-10 17:16:37 UTC
by Swa Frantzen (Version: 2)

On October 5th, Adobe confirmed the vulnerability we reported on September 20th.

No patch is available yet, but there is a workaround for the latest versions, and details about the vulnerability are slowly being made public. Applying the workaround might therefore be very wise:

[quoting Adobe]
Acrobat:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms

Reader:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms

If tSchemePerms is set as follows:
version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:2

To disable mailto, modify tSchemePerms by setting the mailto: value to 3:
version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:3|file:2

For older versions those registry keys will, at the very least, be wrong, so the best approach is to upgrade first, as Adobe itself gives no guidance for those versions.
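
The 8.0 workaround quoted above can be audited and applied on both keys with a short script. This is an added PowerShell example, not code from Adobe or from the original diary: the key paths and the tSchemePerms value name are the ones quoted above, while the Set-SchemePerm function and the $Apply variable are hypothetical names chosen for illustration.

```powershell
# Added example: audit/apply the mailto workaround for the 8.0 keys quoted above.
# Run elevated when applying (HKLM is written). $Apply and Set-SchemePerm are hypothetical names.
$Apply = $false   # leave $false to report only; set $true to write the change

$Keys = @(
    'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms',
    'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms'
)

function Set-SchemePerm {
    param([string]$Perms, [string]$Scheme = 'mailto', [int]$Value = 3)
    # tSchemePerms is a '|'-separated list of scheme:number entries.
    # Trim() drops line breaks picked up if the value was pasted from a wrapped page.
    $seen = $false
    $out = foreach ($entry in @(($Perms -split '\|').Trim() | Where-Object { $_ })) {
        $name = ($entry -split ':', 2)[0]
        if ($name -eq $Scheme) { $seen = $true; "${name}:$Value" } else { $entry }
    }
    # Scheme missing from the list: append it (assumption: an appended entry
    # is honoured like the existing ones).
    if (-not $seen) { $out = @($out) + "${Scheme}:$Value" }
    @($out) -join '|'
}

foreach ($key in $Keys) {
    $prop = Get-ItemProperty -Path $key -Name tSchemePerms -ErrorAction SilentlyContinue
    if (-not $prop -or -not $prop.tSchemePerms) {
        # Product not installed, or an older version that uses different keys.
        Write-Warning "tSchemePerms not found under $key; nothing changed"
        continue
    }
    $current = $prop.tSchemePerms
    $wanted  = Set-SchemePerm -Perms $current
    if ($wanted -eq $current) {
        Write-Output "OK      mailto already set to 3: $key"
    } elseif ($Apply) {
        Set-ItemProperty -Path $key -Name tSchemePerms -Value $wanted
        Write-Output "FIXED   $key"
    } else {
        Write-Output "PENDING $key`n        current: $current`n        wanted:  $wanted"
    }
}
```

With $Apply left at $false the script only reports, which makes it usable as a compliance check across a fleet before any change is pushed.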

While you are at it, sign up for the Adobe vulnerability alerts.

Updated to clarify older versions.

--
Swa Frantzen -- NET2S

 
