Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Adobe mailto vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe mailto vulnerability

On October 5th, Adobe confirmed the vulnerability we reported on on September 20th.

While there is no patch available yet, there is a workaround available and slowly some details about the vulnerability are being made public as well. So applying the workaround might be very wise:

[quoting Adobe]
Acrobat:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Adobe Acrobat\8.0\FeatureLockDown\cDefaultLaunchURLPerms

Reader:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\8.0\FeatureLockDown\cDefaultLaunchURLPerms

If tSchemePerms is set as follows:
version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|
disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:2

To Disable mailto modify tSchemePerms by setting the mailto: value to 3
version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|
disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:3|file:2

While at it, sign up for the adobe vulnerability alerts.

--
Swa Frantzen -- NET2S

 

Swa

760 Posts
Oct 9th 2007

Sign Up for Free or Log In to start participating in the conversation!