Home page logo
/

dailydave logo Dailydave mailing list archives

Mitigations
From: dave <dave () immunityinc com>
Date: Mon, 21 Dec 2009 09:25:49 -0500

Someone needs to spend the tiny amount of money and buy CANVAS Early
Updates, where I believe you can get an exploit that works fine on DEP
protected Windows XP SP3. I have to admit that I only personally testing
Acrobat 9.0.0 instead of 9.2. I think Pablo originally wrote the exploit
against 9.2 though. Something fun to verify today I guess. :>

Also you'll get an exploit for Microsoft ADFS which will bypass DEP but
only for 32 bit Windows for now.

Most mitigations are exactly that - they add a second level of money
that the attacker has to spend. It's usually wishful thinking that they
provide a conversion from "exploitable" to "DoS".

-dave

http://www.adobe.com/support/security/advisories/apsa09-07.html
"""

Customers using Microsoft DEP ("Data Execution Prevention")
functionality available in certain versions of Microsoft Windows are at
reduced risk in the following configurations:

    * All versions of Adobe Reader 9 running on Windows Vista SP1 or
      Windows 7
    * Acrobat 9.2 running on Windows Vista SP1 or Windows 7
    * Acrobat and Adobe Reader 9.2 running on Windows XP SP3
    * Acrobat and Adobe Reader 8.1.7 running on Windows XP SP3, Windows
      Vista SP1, or Windows 7

With the DEP mitigation in place, the impact of this exploit has been
reduced to a Denial of Service during our testing.
"""
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


  By Date           By Thread  

Current thread:
  • Mitigations dave (Dec 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]