6 Replies Latest reply on May 2, 2011 11:29 AM by The MtnLion

    CVE-2011-0611 & CVE-2011-0609 Open on Computers of a Domain

    The MtnLion

      http://www.adobe.com/support/security/bulletins/apsb11-06.html
      http://www.adobe.com/support/security/advisories/apsa11-02.html

      Note:  "Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing."  In a Domain, as many corporate computers are configured, the network configuration prevents Protected Mode from being used.  In effect the vulnerability is wide open on corporate networks (or home based systems with a domain and domain users) that are forced to use Adobe Reader with Protected Mode disabled.  In these security bulletins the information posted is that they are not considered a threat while Protected Mode is enabled.

       

      Has anyone identified the exact reason why Adobe Reader cannot have Protected Mode enabled with domain joined computers?  There have been some suggestions that it is because of roaming accounts, but my Administrator accounts are non-roaming and suffer the same problem.  (That includes the local administrator account.)  I suspect it is because of the way that logons are handled, by being verified through the Domain Controllers (very tight security, here).

        • 1. Re: CVE-2011-0611 & CVE-2011-0609 Open on Computers of a Domain
          The MtnLion Level 1

          Let me add specifics about the Domain:

           

          Windows XP SP3 Workstations ('86)

          Windows 2003 Domain Controllers ('86)

           

          Again, I have tested with roaming profiles, local profiles, local administrator profiles, anti-virus disabled; all fail to allow Reader's Protected Mode to start.

          • 2. Re: CVE-2011-0611 & CVE-2011-0609 Open on Computers of a Domain
            vdobhal Adobe Employee

            Hi,

             

            I would like to know what error you get when you launch a PDF file in Reader X. Do you get the Incompatibility dialog as shown below?

            [Image: incompatability_dialog.JPG]

            Do you access the PDF files through a Distributed File System?

            Do you access the files through a Citrix Server?

            Do you use Roaming profiles?

             

            These are the cases where your Reader does not open up in protected mode. I have tried using Reader X on a domain and it opens up in protected mode.

            1 person found this helpful
            • 3. Re: CVE-2011-0611 & CVE-2011-0609 Open on Computers of a Domain
              The MtnLion Level 1

              Hi, Vinod Dobhal, thanks for the reply.  That is the error.  It does not matter if anti-virus is disabled, if a local or roaming profile is used.  The file is on the local drive, or just starting Adobe X with no file will generate the error dialog that you show.  It is entirely possible that some lock-down is interfering; we use the Federal Guidelines for lockdowns, and scan with Retina.  My initial thought, after reading the link and posts in this forum, was that it was because of roaming profiles, but that was quickly disproved by using administrator accounts (which are local accounts).

               

              The real problem in all of this is that Protected Mode is supposed to mitigate the listed CVEs, and if I cannot use Adobe Reader X with Protected Mode these CVEs are open on my computers.  Internally the program has determined that it cannot start in protected mode, but it seems unable to communicate the reason.

              • 4. Re: CVE-2011-0611 & CVE-2011-0609 Open on Computers of a Domain
                Kshakti Adobe Employee

                Hi,

                 

                Can you please tell us whether the incompatibility dialog you are observing is on the client system (i.e. WinXP) or on the domain controller (i.e. Win2003) in your case?

                 

                Thanks

                • 5. Re: CVE-2011-0611 & CVE-2011-0609 Open on Computers of a Domain
                  The MtnLion Level 1

                  On a Windows XP workstation: [Image: Reader X Incompatability message Win XP.PNG]

                  On a Windows 2003 member server: [Image: Reader X Incompatability message Win 2003.PNG]

                  On a Windows 2003 Domain Controller: [Image: Reader X Incompatability message Win 2003 DC.PNG]

                  • 6. Re: CVE-2011-0611 & CVE-2011-0609 Open on Computers of a Domain
                    The MtnLion Level 1

                    There is no point in attempting to "Beta" my results, as I cannot operate with this type of software.  My requirements are for fully patched systems or mitigations in place (that cannot be influenced by regular users).  Adobe elected to not patch Reader X for the two vulnerabilities listed in the header, relying instead on a non-operative, or best case user manipulated "Protected Mode" as mitigation.  User operated controls do not satisfy the requirements on my systems, and even if user operation of "Protected Mode" were disabled, Reader X continues to fail to start in "Protected Mode" in my environment.

                     

                    The idea behind security on IT assets is to not only protect the systems from external threats (www, hackers), but also from internal threats, such as normal users.  These two vulnerabilities could easily have exploits loaded on CD-ROM or floppy and a normal user could disable "Protected Mode" in Reader X to make use of them.  So, even if "Protected Mode" is usable the vulnerabilities remain open.