Didier Stevens

Friday 19 November 2010

Quickpost: Adobe Reader X

Filed under: PDF,Quickpost — Didier Stevens @ 18:03

In case you’ve not read Adobe’s announcement: Adobe Reader X is out. Use Adobe’s FTP server if you want to avoid their download manager.

Protected Mode Adobe Reader comes with a sandbox (like Internet Explorer, Microsoft Office 2010, Google Chrome) designed to prevent malware from writing to important system components.

If you’re interested in the design details of the sandbox, I recommend Kyle Randolph’s excellent series of posts.

To benefit the most of Adobe Reader’s sandbox, you need to use a Windows version that supports integrity levels (Windows Vista or later). Windows XP will not offer you this protection.

And don’t become complacent about patching your sandboxed applications. Because if there exists a vulnerability that allows one to escape from a sandboxed application, say in IE7 Adobe Reader X, then one can use this vulnerability to escape from other sandboxes, like IE7 Adobe Reader X, based on the same low integrity level design.

Quickpost info


  1. […] a matter of fact Didier posted a quick note on his blog today about the release of Adobe Reader X. He also mentioned that while this new […]

    Pingback by Malware Diaries » Blog Archive » Adobe Reader X: giving PDF security another chance? — Saturday 20 November 2010 @ 0:16

  2. […] investigador Didier Stevens ha sido un pionero en materia de seguridad de los archivos PDF mediante la exposición de muchas debilidades en su […]

    Pingback by Adobe Reader X disponible y ya "con problemas" « Seguridad Informática — Sunday 21 November 2010 @ 16:33

  3. Can you really leap from one low-integrity sandbox to another? I thought they were locked into their own window station, job object, and so on. If you can leap from one sandbox to another, that would make the entire system only as strong as the weakest link (as you point out), which doesn’t seem right…

    Comment by Dave — Monday 22 November 2010 @ 10:19

  4. […] Quickpost: Adobe Reader X – didierstevens.com […]

    Pingback by Week 46 in Review – 2010 | Infosec Events — Monday 22 November 2010 @ 14:53

  5. @Dave Yes, but I made a mistake in my explanation & the arrows I drew, it’s the other way around: I injected a DLL in the IE8 low integrity process on Windows 7 (with a LUA account), and this DLL opened a handle to the Acrobat low integrity process and wrote to its memory.
    The other way around (from Adobe Reader to IE) didn’t work, I got an access denied on the OpenProcess call.

    So yes you can hop from one low-integrity process into another, but not out of the Adobe Reader X sandbox, but into it.

    That’s a risk I run with my Quickposts: unlike my other posts, Quickposts get posted as soon as I’ve written them, I do less QA, so there’s more risk I write something wrong. Sorry.

    Comment by Didier Stevens — Monday 22 November 2010 @ 16:56

  6. […] PDF hacker extraordinaire Didier Stevens points out, the sandbox works best on Vista and Windows 7, less well on Windows XP. The newer versions of Windows utilize Windows integrity levels to run Reader X at low integrity […]

    Pingback by Adobe Releases Sandbox-Protected Reader X- The Hackers Edge — Tuesday 23 November 2010 @ 1:30

  7. So, is there a way to protect one low integrity process from being changed from other low integrity processes? I mean, like IE8’s sandbox process that protects itself from Adobe’s sandbox process? If yes, how?

    Comment by sana — Wednesday 24 November 2010 @ 13:55

  8. […] investigador Didier Stevens ha sido un pionero en materia de seguridad de los archivos PDF mediante la exposición de muchas debilidades en su […]

    Pingback by Adobe Reader X disponible y ya "con problemas" « Espacio de el viejo — Wednesday 24 November 2010 @ 16:42

  9. @sana It is the Adobe sandbox that prevents me from opening a handle with write-access to the IE low-integrity process.

    Comment by Didier Stevens — Wednesday 24 November 2010 @ 19:28

  10. It’s a good thing the weakness isn’t the other way round (i.e. Acrobat -> IE) since this recently-announced vulnerability in the IE sandbox would allow it to be used as a general-purpose escape mechanism from all low-integrity sandboxes that allow you to get out into another sandbox.

    Comment by Dave — Saturday 4 December 2010 @ 0:41

  11. @dave Yes, that’s a paper by Tom Keetch, I linked to his Hack.lu presentation in my blog post.

    Comment by Didier Stevens — Saturday 4 December 2010 @ 8:10

  12. […] de Windowsversie waarop ze Adobe Reader X installeren. Windows 7 en Vista hebben het voordeel van ‘integrity levels’, waardoor verhinderd wordt dat een programma toegang krijgt tot programma’s die op een hoger […]

    Pingback by Sandboxing: hoe een digitale zandbak Adobe Reader veiliger maakt » Management Weblog — Friday 13 May 2011 @ 9:57

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.