Wednesday, February 13, 2013

0-day vulnerability in Adobe Reader


The company FireEye has detected a 0-day vulnerability in Adobe Reader 


Vulnerable to the latest 9.10 and 11 branches. Ie at the moment is:

9.5.3
10.1.5
11.0.1

What is the point of vulnerability - not reported. Reported only that a copy of the exploit studied at successful operation is started 2 DLL-files. First DLL showed a fake error message and to open another PDF document. Apparently it is a classic run PDF desired content. This trick is often used in targeted attacks. Because often vulnerable application after running the exploit "falls" and responsive user without seeing the payload starts justifiably alarmed.

The second DLL - Trojan-kompoment that performs reverse-connect to the domain, the attacker that allows the attacker to control the compromised computer, even if he is behind a NAT.


The company contacted the representatives of the security team and Adobe. While the recommendation from FireEye one: do not open unknown PDF-files

Links:

http://malwarelist.net/2013/02/14/adobe-reader-zero-day-vulnerability/
http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html

No comments:

Post a Comment