Adobe PDF zero-day gets homebrew patch

Open-source company Sourcefire says it has come up with a workaround for a flaw in Adobe Reader and Acrobat
Written by Tom Espiner, Contributor

Security researchers have published a piece of code designed to provide a workaround for a zero-day flaw in Adobe Reader 9 and Adobe Acrobat 9. 

The vulnerability research team at Sourcefire, which provides open-source intrusion and prevention software, published a link to the 'homebrew', or unofficial, patch in its blog on Sunday. Adobe has said that it doesn't plan to make its own patch for the buffer-overflow flaw available until at least 11 March.

Sourcefire's Lurene Grenier, who made posted the blog entry, said the piece of code is a replacement .dll file for AcroRd32.dll. The code is designed to mitigate the effects of opening a malicious file.

"In the event that you do open a bad pdf file, you should see a pop-up with the phrase 'Insufficient data for an image' and nothing will show up," wrote Grenier. "Reader will go on living happily."

Grenier added the caveats that she had used only the Windbg debugger and "a crappy hex editor" to write the fix. She said the workaround would not prevent all attacks, and that "no warranty [was] expressed or implied" by making the fix available.

The researcher wrote that she was prompted to write the code as "people seemed a bit worried about the Adobe Reader bug". The zero-day vulnerability, which affects all versions of Adobe Reader and Acrobat, is being actively exploited in the wild, the Shadowserver Foundation reported last week. On Thursday, the security research organisation recommended that users disable Javascript in Adobe Acrobat and Reader products until a fix is released.

Sourcefire, the organisation behind the open-source Snort network intrusion prevention system (IPS), on Sunday also made IPS rules available for Snort subscribers, to mitigate the risk of infection.

Editorial standards