0 Replies Latest reply on Nov 7, 2008 3:06 PM by HarryWaldron

    Adobe 8 PDF Vulnerability exploited in-the-wild

      The recent Adobe 8 PDF vulnerability is being exploited in-the-wild. Please PATCH NOW, as early AV detection is non-existent -- although it's being added now based on these new attacks. The patch requires a 46MB download, and a reboot is required after installation.

      http://isc.sans.org/diary.html?storyid=5312

      QUOTE: One of our readers, Wayne Dilly, sent a couple of malicious PDF documents to us. Wayne noticed that some machines got infected and wondered if the PDF documents exploited the vulnerability patched by Adobe a couple of days ago (CVE-2008-2992).

      Unfortunately, Wayne was right – these PDF documents exploit the JavaScript buffer overflow vulnerability. This is not surprising, though, as a fully working PoC has been recently published as well, but it's interesting to see that the attackers modified the PoC a little bit, probably in order to evade anti-virus detection.

      And indeed – at the time of writing this article, according to VirusTotal, 0 (yes – ZERO) AV products detected this malicious PDF. Very, very bad.

      Adobe Security Bulletin directory
      http://www.adobe.com/support/security/

      Adobe 8 - Updates now available
      http://isc.sans.org/diary.html?storyid=5282
      http://www.adobe.com/support/security/bulletins/apsb08-19.html