Sunday, February 22, 2009

Homebrew patch for Adobe AcroReader 9

People seemed a bit worred about the Adobe Reader bug, so I figured I'd take a bit of time this morning and create a home brew patch for people to protect themselves with until March 11th rolls around.

The patch is just a replacement DLL - AcroRd32.dll to be precise. Take this zip file, and unzip it into

C:\Program Files\Adobe\Reader 9.0\Reader\

And allow it to overwrite the old version.

This patch is only for Reader 9, so if you're on 8, you'll have to upgrade to apply the patch. The dll is about 19 meg too, and even the zip is almost 10 meg.

In the event that you do open a bad pdf file, you should see a pop up with the phrase "Insufficient data for an image." and nothing will show up. Reader will go on living happily.

Some caveats:

I made this patch using only windbg and a crappy hex editor because I'm at home now.

It may not prevent all attacks on jbig2 - it WILL prevent all current attacks using the method I described, but there may be others.

No warrenty expressed or implied, etc etc.

UPDATE:

Adobe has now released an update for Acrobat and Reader that takes care of this issue. We are removing our temporary fix. For more details on updating your Adobe Acrobat/Reader go here.

2 comments:

Post a Comment