CIS CYBER SECURITY ADVISORIES

MS-ISAC CYBER SECURITY ADVISORY NUMBER:
2014-065

DATE(S) ISSUED:
08/12/2014

SUBJECT:
Vulnerability in Adobe Reader and Adobe Acrobat Could Allow Circumvention of Sandbox Protections (APSB14-19)

OVERVIEW:

A vulnerability has been discovered in Adobe Reader and Acrobat that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader allows users to view Portable Document Format (PDF) files. Adobe Acrobat offers users additional features such as the ability to create PDF files. Successful exploitation could result in an attacker bypassing sandbox security protection and running native code with escalated privileges.

THREAT INTELLIGENCE:
Adobe reports that there have been limited, isolated attacks targeting Adobe Reader users on Windows.

SYSTEMS AFFECTED:

  • Adobe Reader XI (11.0.07) and earlier 11.x versions for Windows
  • Adobe Reader X (10.1.10) and earlier 10.x versions for Windows
  • Adobe Acrobat XI (11.0.07) and earlier 11.x versions for Windows
  • Adobe Acrobat X (10.1.10) and earlier 10.x versions for Windows
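
One way to triage a software inventory against the affected versions listed above, as an added example that is not part of the original advisory or Adobe's tooling. The inventory rows, host names and the function names are constructed for illustration; the version ceilings are the ones in the list above, and the inventory is assumed to cover Windows hosts only.

```python
import re

# Highest affected build per major branch, taken from the advisory's list.
LAST_AFFECTED = {11: (11, 0, 7), 10: (10, 1, 10)}
PRODUCT_RE = re.compile(r"adobe\s+(reader|acrobat)\b", re.IGNORECASE)
VERSION_RE = re.compile(r"\d+(?:\.\d+){1,3}", re.ASCII)

# Constructed sample inventory: (host, product name, installed version).
INVENTORY = [
    ("ws-001", "Adobe Reader XI", "11.0.07"),
    ("ws-002", "Adobe Reader XI", "11.0.08"),
    ("ws-003", "Adobe Acrobat X Pro", "10.1.4"),
    ("ws-004", "Adobe Reader X", "10.1.11"),
    ("ws-005", "Adobe Reader 9", "9.5.5"),
    ("ws-006", "Adobe Acrobat XI", "unknown"),
]


def parse_version(text):
    """Turn '11.0.07' into (11, 0, 7); return None if not dotted numeric."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        return None
    nums = [int(p) for p in text.split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def classify(product, version):
    """Return 'affected', 'not-affected', 'not-listed' or 'unparsed'."""
    if not PRODUCT_RE.search(product):
        return "not-listed"
    parsed = parse_version(version)
    if parsed is None:
        return "unparsed"  # needs manual review rather than a silent pass
    ceiling = LAST_AFFECTED.get(parsed[0])
    if ceiling is None:
        return "not-listed"  # the advisory names only the 10.x and 11.x branches
    # Numeric tuple comparison: 10.1.9 sorts below 10.1.10, unlike string compare.
    return "affected" if parsed <= ceiling else "not-affected"


def hosts_to_patch(inventory):
    """Hosts whose installed version falls inside the advisory's affected range."""
    return [h for h, product, ver in inventory if classify(product, ver) == "affected"]


if __name__ == "__main__":
    for host, product, ver in INVENTORY:
        print(f"{host:8} {product:22} {ver:10} {classify(product, ver)}")
```

Rows classified as "unparsed" or "not-listed" are outside what the advisory states and should be reviewed separately.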

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: High

TECHNICAL SUMMARY:
Adobe Reader and Acrobat are prone to a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows operating system (CVE-2014-0546).

Successful exploitation could result in an attacker bypassing sandbox security protection and running native code with escalated privileges.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Install the updates provided by Adobe immediately after appropriate testing.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Do not open email attachments from unknown or untrusted sources.
  • Limit user account privileges to only those required.

REFERENCES:
Adobe:
http://helpx.adobe.com/security/products/reader/apsb14-19.html

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0546