Shellcode Injection Settings

Hey all,

Today I was trying to install Adobe Reader using Mozilla Firefox. During the install, Defense + warned me of a shellcode injection for Firefox, so I terminated the process. However, this caused Adobe Reader to stop installing.

So I then resumed the install and got the same warning. I tried to press “skip” on the warning, but the warning box wouldn’t go away. The only way I could get the warning box to go away was to check the box that said something like “always skip these warnings.” After I did this, the warning went away and Adobe Reader finished installing.

So here is my issue. It seems that now Defense + will not warn me of shellcode injections for Firefox because I clicked that “always skip” button. Does anyone know how I can change this back so that it will warn me of future shellcode injections?

Thanks.

Hey ryan324,

There is a known Buffer Overflow Issue in Adobe Reader, See my post; (Buffer Overflow issue in version 9.0 and earlier of Adobe reader and Acrobat.)

This is why Adobe is terminating with D+ warns you of the BO, Adobe are going to fix this issue in march though. For now, you can use an alternative such as Foxit Reader until Adobe release an update for this Buffer Overflow issue.

Cheers,
Josh

Hi 3xist,

The issue is present in FoxIt as well as far as I understand it, since it is JavaScript vulnerability.

It seems like currently even disabling options for using JavaScript in Adobe Reader and in FoxIt may not help because there is a rumour (rather article :slight_smile: ) that it is possible to circumvent the thing when Java is disabled.

But that is not what interesting. BO protection can prevent buffer overflow (when) happening - that is true. But I have doubts that it will rise an alarm just because it is “potentially/virtually exists”.

And then it wasn’t Adobe Reader yet present it was just Setup going on

If you open Adobe Reader now and/or FoxIt you should not be warned about shellcode injections. I am doing it now and all is silent and that is correct.

You can test both with or without JavaScript. If the document has javascript Adobe will tell that document may not be read properly when disabled… that’s all, but no warnings from Comodo.

My point is - most likely that was indeed something in installer as described, but not because of current flaw in Adobe and FoxIt

My regards