Shavlik Technologies has claimed that organisations that rely on patch management solutions limited to Microsoft-only applications will be hit by the Adobe vulnerability.
Last week, Adobe released a new version of Reader 8.1.3 that fixes several exploitable bugs in 8.1.2 and prior versions of this popular Reader software. Exploit code on this reader was posted to the milw0rm.com site and is fully functional.
Shavlik claimed that sites relying on Microsoft's patch solutions that employ the Windows Update set of APIs, such as WSUS, SMS, SCCM among others are not protected against these exploitable bugs and may not even know it.
Chris Schwartzbauer, VP Worldwide Field Operations, Shavlik Technologies, said: “The threat landscape continues to broaden, and organisations can no longer assume that the biggest risk is to their Microsoft applications, and non-Microsoft applications can be handled as the threats emerge. Adobe Reader is an application that resides on most user desktops.”
The threats include two payloads that can be easily activated. The first (default) payload launches an executable file called calc.exe for testing purposes while the second payload creates a bind shell for remote access.
The company claimed that these payloads can be modified very easily to any arbitrary payload with very little skill required. These threats can impact thousands of legitimate websites and deliver previous Adobe exploits to an organisation's network via the ‘Drive By' hacking techniques.
See original article on scmagazineuk.com
Microsoft-only patchers will be hit by the Adobe vulnerability
By Dan Raywood on Nov 10, 2008 10:36AM