Adobe Acrobat 9 – Creamy Security Goodness (on Vista / WS2008)

So I noticed yesterday that Adobe had quietly released Acrobat 9 to the web.  I decided to download it and check it out to see if they had finally gotten a copy of memo (it's just that we're putting cover sheets on all of our TPS reports now) and decided to start opting in to some of the exploit prevention technologies we provide on Vista / WS2008 (like Apple has with QuickTime). 

Well folks - I am super pleased to report - Adobe has finally gotten serious and released a version of Acrobat that supports not only DEP in permanent mode - but also ASLR!  (Now if we could just convince people that Vista isn't all the suck that the media hypes it up to be so that they would install it and get the benefit of ASLR).

So a huge round of applause for Adobe please - even though opting in to these features involves just a couple of additional linker switches - it's certainly not that easy in reality and could have involved switching compilers, performing lots of additional testing, working with 3rd parties to make sure their additions / plug-ins still work or will work, etc. etc.

Anyhoo - here's the gory details from the linker:
C:\Program Files (x86)\Adobe\Reader 9.0\Reader>dumpbin /headers AcroRd32.exe

Microsoft (R) COFF/PE Dumper Version 9.00.21022.08

Copyright (C) Microsoft Corporation.  All rights reserved.



Dump of file AcroRd32.exe


PE signature found





             14C machine (x86)

               5 number of sections

        4850F0A3 time date stamp Thu Jun 12 05:47:15 2008

               0 file pointer to symbol table

               0 number of symbols

              E0 size of optional header

             102 characteristics


                   32 bit word machine



             10B magic # (PE32)

            8.00 linker version

            4000 size of code

           4F000 size of initialized data

               0 size of uninitialized data

            4054 entry point (00404054)

            1000 base of code

            5000 base of data

          400000 image base (00400000 to 00453FFF)

            1000 section alignment

            1000 file alignment

            4.00 operating system version

            0.00 image version

            4.00 subsystem version

               0 Win32 version

           54000 size of image

            1000 size of headers

           56920 checksum

               2 subsystem (Windows GUI)

             140 DLL characteristics

                   Dynamic base // ASLR! W00T!!!

                   NX compatible // DEP (Permanent) W00T!!!

          100000 size of stack reserve

            1000 size of stack commit

          100000 size of heap reserve

            1000 size of heap commit

               0 loader flags

              10 number of directories

               0 [       0] RVA [size] of Export Directory

            795C [      8C] RVA [size] of Import Directory

            A000 [   48F54] RVA [size] of Resource Directory

               0 [       0] RVA [size] of Exception Directory

           54000 [    1568] RVA [size] of Certificates Directory

           53000 [     69C] RVA [size] of Base Relocation Directory

            5270 [      1C] RVA [size] of Debug Directory

               0 [       0] RVA [size] of Architecture Directory

               0 [       0] RVA [size] of Global Pointer Directory

               0 [       0] RVA [size] of Thread Storage Directory

            71E0 [      40] RVA [size] of Load Configuration Directory

               0 [       0] RVA [size] of Bound Import Directory

            5000 [     234] RVA [size] of Import Address Table Directory

               0 [       0] RVA [size] of Delay Import Directory

               0 [       0] RVA [size] of COM Descriptor Directory

               0 [       0] RVA [size] of Reserved Directory



Comments (4)
  1. Anonymous says:

    On a good note, Adobe Acrobat 9 seems to run faster and has a few compiler/at-link-time security features enabled (ASLR and DEP). On a bad note, they have opened up new vectors that can be exploited due to the new playback of Flash content. You ca

  2. Anonymous says:

    … lascio a voi dare una risposta, dopo aver letto i due post che vi propongo di seguito. Il primo è

  3. Anonymous says:

    Oui, vous avez bien lu le titre. Pourquoi Adobe Reader 9.0 ? Jetez un œil sur l’article de Robert

  4. Anonymous says:

    Despite Adobe opening up a hole in the product by supporting playback of FLV and SWF files , Robert does

Comments are closed.

Skip to main content