informa
2 min read
article

Adobe Reader Vulnerability Being Attacked

Within days of the announcement of a serious Adobe Reader flaw, attackers already are planting maliciously crafted PDF files to attack Windows users.
Within days of the announcement of a serious Adobe Reader flaw, attackers already are planting maliciously crafted PDF files to attack Windows users.That's the finding from the SANS Internet Storm Center handler Bojan Zdrnja:


The in-the-wild attacks, first spotted by the SANS Internet Storm Center, follow the public release of proof-of-concept exploits at Milw0rm.com and underscores the importance of quickly patching third-party desktop applications.

I have seen a sample of one of the rigged PDF files in circulation and can confirm it is indeed exploiting the CVE-2008-2992 vulnerability, which is a stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier. It allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument.

The payload, Zdrnja, continued as an embedded JavaScript object that can be obfuscated enough to evade antivirus engines.

With these attacks now "in-the-wild," it's important to make sure you're protected. It's also important to mention again that Adobe Reader 9 and Acrobat 9 are not vulnerable.

Adobe also has updated Adobe Reader 8.1.2 and Acrobat 8.1.2 to address the vulnerabilities.

An Adobe security bulletin regarding the vulnerabilities and related solution is available. Also, Adobe's product security incident response team has posted to its blog on the topic.

Product updates are available for Windows, Mac, and Linux/Solaris.