Adobe Reader X can't be trusted yet

#1 (**permalink**) 08-20-2011, 01:45 PM

"Adobe reader X limitations:

Protected Mode will not prevent unauthorized read access to the file
system or registry.
Protected Mode will not restrict network access.
Protected Mode will not prevent reading or writing to the clip board.

Given these limitations, attackers that exploit these “protected” components
will still be able to stay resident in memory and perform damaging activities
such as:

Read and exfiltrate data from the registry and/or user’s file system
Attack other machines and devices on the network
Use Reader as a stepping stone to execute other exploits against the host
system including exploits against kernel services

While Adobe’s Protected Mode is a step in the right direction for mitigating
risk of Adobe Reader, it still leaves significant residual risk on the table
for cyber adversaries to exploit.

http://www.invincea.com/blog/2010/11...der-x-sandbox/

--
Bear Bottoms, security consultant
http://bearware.info

#2 (**permalink**) 08-21-2011, 01:21 PM

Bear Bottoms wrote:

> "Adobe reader X limitations:

> While Adobe’s Protected Mode is a step in the right direction for
> mitigating risk of Adobe Reader, it still leaves significant
> residual risk on the table for cyber adversaries to exploit.

Acrobat reader 6.0x is still able to open the vast majority of PDF files
that I throw at it, and it also seems to be particularly incapable of
correctly executing many, most or all of the PDF exploits that have
emerged over the past 3 years - at least on win-9x/me systems.