A security researcher has published a home-brewed patch for a critical Adobe Reader vulnerability that hackers are exploiting in the wild using malicious PDF files, beating Adobe Systems Inc. to the punch by more than two weeks.
Lurene Grenier, a vulnerability researcher at intrusion-prevention vendor Sourcefire Inc., posted the patch Sunday with the caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees.
"The patch is just a replacement .dll -- AcroRd32.dll to be precise," said Grenier in a post to the Sourcefire vulnerability research blog. The .dll, which weighs in at 19MB, replaces the existing file in the "C:\Program Files\Adobe\Reader 9.0\Reader\" directory on Windows machines.
"No warranty expressed or implied, etc. etc.," concluded Grenier.
Although hackers have been exploiting the flaw in Adobe Reader since at least Feb. 12 -- the date that Symantec Corp. researchers first found the attack code in the wild -- Adobe said last week that it may not patch the problem until March 11.
In a security advisory the company issued last Thursday, Adobe confirmed that Versions 7, 8 and 9 of both Reader and Adobe Acrobat, an advanced PDF-creation application, contain the flaw. It plans to patch Versions 7 and 8 at an unspecified date after it fixes Version 9 next month.
It's rare that a patch surfaces from a source other than the software's maker, but Grenier's move isn't without precedent. In 2006, and then again the following year, a group of security researchers who called themselves ZERT (Zeroday Emergency Response Team), issued several unauthorized patches for bugs in Microsoft Corp.'s Windows and Internet Explorer.
In other news, exploit code for the Adobe bug has gone public, hitting the Milw0rm.com site earlier today. Last week, security experts speculated that attack code would quickly end up in the multiexploit kits that hackers now favor.
Grenier's patch can be downloaded via a link from the Sourcefire site.