Within days of the <a href="http://www.informationweek.com/blog/main/archives/2008/11/adobe_patches_p.html">announcement</a> of a serious Adobe Reader flaw, attackers already are planting maliciously crafted PDF files to attack Windows users.
November 9, 2008
Within days of the announcement of a serious Adobe Reader flaw, attackers already are planting maliciously crafted PDF files to attack Windows users.That's the finding from the SANS Internet Storm Center handler Bojan Zdrnja: "The in-the-wild attacks, first spotted by the SANS Internet Storm Center, follow the public release of proof-of-concept exploits at Milw0rm.com and underscores the importance of quickly patching third-party desktop applications.
I have seen a sample of one of the rigged PDF files in circulation and can confirm it is indeed exploiting the CVE-2008-2992 vulnerability, which is a stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier. It allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument.
"
The payload, Zdrnja, continued as an embedded JavaScript object that can be obfuscated enough to evade antivirus engines.
With these attacks now "in-the-wild," it's important to make sure you're protected. It's also important to mention again that Adobe Reader 9 and Acrobat 9 are not vulnerable.
Adobe also has updated Adobe Reader 8.1.2 and Acrobat 8.1.2 to address the vulnerabilities.
An Adobe security bulletin regarding the vulnerabilities and related solution is available. Also, Adobe's product security incident response team has posted to its blog on the topic.
Product updates are available for Windows, Mac, and Linux/Solaris.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024