Adobe Reader sandbox popped says Google researcher

Anonymous Coward

by itself, not exciting

If you look at the instructions for the POC, it's evident that this sandbox escape requires one to have another exploit to provide execution of arbitrary code in the sandbox context. The POC doesn't bother and inserts sandbox escape code directly into a sandbox process with the WriteProcessMemory system call from an .EXE run manually on the local system.

Even then all it does is allow one to write a file within a non-system privilege context, presumably a .EXE or .DLL. Further effort is required to construct a file that will be executed somehow--and the exploit does not provide the registry access required to make that easy.

Anyone with a shred of common sense will have Reader configured with JavaScript disabled (who in their right mind wants dancing text and graphics anyway?), the "Enable Enhanced Security" box checked, and "Legacy/Trust Manager" set to distrust everything--good luck getting arbitrary code execution.

So if you are a state-sponsored baddie with a huge bag of tricks and lots of time and money, sure this is a useful item. If you're a Russian spam or bank-trojan gangster your time is better spent thinking up clever phishing gimmicks to ensnare the stupidest 1% (or even 10%--it is truly amazing what people will click on).
