Within days of the <a href="http://www.informationweek.com/blog/main/archives/2008/11/adobe_patches_p.html">announcement</a> of a serious Adobe Reader flaw, attackers already are planting maliciously crafted PDF files to attack Windows users.
November 9, 2008
Within days of the announcement of a serious Adobe Reader flaw, attackers already are planting maliciously crafted PDF files to attack Windows users.That's the finding from the SANS Internet Storm Center handler Bojan Zdrnja: "The in-the-wild attacks, first spotted by the SANS Internet Storm Center, follow the public release of proof-of-concept exploits at Milw0rm.com and underscores the importance of quickly patching third-party desktop applications.
I have seen a sample of one of the rigged PDF files in circulation and can confirm it is indeed exploiting the CVE-2008-2992 vulnerability, which is a stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier. It allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument.
"
The payload, Zdrnja, continued as an embedded JavaScript object that can be obfuscated enough to evade antivirus engines.
With these attacks now "in-the-wild," it's important to make sure you're protected. It's also important to mention again that Adobe Reader 9 and Acrobat 9 are not vulnerable.
Adobe also has updated Adobe Reader 8.1.2 and Acrobat 8.1.2 to address the vulnerabilities.
An Adobe security bulletin regarding the vulnerabilities and related solution is available. Also, Adobe's product security incident response team has posted to its blog on the topic.
Product updates are available for Windows, Mac, and Linux/Solaris.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024