diTii.com Digital News Hub



Enhanced Mitigation Experience (EMET) 2.0 Toolkit Blocks Adobe Reader and Acrobat ‘Zero-day’ Exploit

As you probably know, there is a new "0-day" exploit in the wild for Adobe Reader and Acrobat that uses the Return Oriented Programming (ROP) technique to bypass Data Execution Prevention (DEP). Normally, Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn't have ASLR turned on. Without ASLR, this DLL is always going to be loaded at a predictable address and can be leveraged by an exploit (see pic).

With Microsoft's Enhanced Mitigation Experience Toolkit 2.0 (EMET) enabled for AcroRd32.exe, this exploit is blocked.

To enable EMET for Reader and Acrobat, install EMET and run the following command as an admin. Note: the path to Reader and Acrobat could be different on your system (especially on a 32-bit system).

    C:\Program Files (x86)\EMET>emet_conf.exe --add "c:\program files (x86)\Adobe\Reader 9.0\Reader\acrord32.exe"

The changes you've made may require restarting one or more applications.

