CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 7th, 2008

Recently Patched Adobe Reader Flaw Used By Miscreants To Hijack PCs

Three days after Adobe rushed out a critical update, miscreants are actively exploiting a security flaw to execute malicious code on vulnerable machines. According to SANS Internet Storm Center, researchers have spotted infected PDF files being circulated online. The discovery comes on the heels of the public release of proof-of-concept code exploiting CVE-2008-2992. According to SANS, none of the 32 top anti-virus programs were detecting the malicious files.

The PDFs are being spread using drive-by advertisements on sites deemed “suspicious.” At the moment, distribution is fairly light, but that will probably change soon. Once the rigged PDF is opened, the exploit calls the mshta application in Windows to execute HTA files. It retrieves the trojan from a different web site and executes it on the infected machine.

The payload is in a JavaScript object embedded in the PDF document. Once extracted, it contains only first-level obfuscation: a simple eval(unescape()) call. Once deobfuscated, parts of the publicly posted PoC are visible, but the attackers also modified certain parts.
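For analysts triaging a suspect file, the single eval(unescape()) layer described above can be removed statically, without opening the PDF in Reader or running any script. The sketch below is an added example, not code from SANS or the original article; the function names and the sample document are constructed for illustration, and it assumes the script is stored either inline or in a FlateDecode stream.

```python
import re
import zlib

# %uXXXX and %XX escapes, as JavaScript's unescape() decodes them
ESC = re.compile(r'%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})')
STREAM = re.compile(rb'stream\r?\n(.*?)\r?\nendstream', re.S)
WRAPPED = re.compile(r'eval\s*\(\s*unescape\s*\(\s*(["\'])(.*?)\1\s*\)\s*\)', re.S)

def js_unescape(s):
    """Static stand-in for unescape(): decodes the text, never runs it."""
    return ESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)

def pdf_streams(data):
    """Yield stream bodies, inflated when they are zlib (FlateDecode) data."""
    for m in STREAM.finditer(data):
        try:
            # decompressobj tolerates a trimmed trailer or trailing bytes
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            yield m.group(1)

def peel(js, max_layers=5):
    """Strip eval(unescape("...")) wrappers; return (text, layers removed)."""
    layers = 0
    while layers < max_layers:
        m = WRAPPED.search(js)
        if not m:
            break
        js, layers = js_unescape(m.group(2)), layers + 1
    return js, layers

def triage(data):
    """Report whether the file declares JavaScript and what the wrappers hide."""
    has_js = b'/JavaScript' in data or b'/JS' in data
    findings = []
    for body in [data, *pdf_streams(data)]:
        decoded, layers = peel(body.decode('latin-1'))
        if layers:
            findings.append({'layers': layers, 'decoded': decoded,
                             'mentions_mshta': 'mshta' in decoded.lower()})
    return has_js, findings

def constructed_sample():
    """Constructed, benign PDF-like bytes: one FlateDecode JavaScript stream."""
    inner = 'app.alert("constructed sample")'
    js = 'eval(unescape("%s"));' % ''.join(f'%{ord(c):02X}' for c in inner)
    body = zlib.compress(js.encode())
    head = b'%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n2 0 obj\n'
    return head + b'<< /Filter /FlateDecode >>\nstream\n' + body + b'\nendstream\nendobj\n'
```

PDF names can be hex-escaped and streams can use other filters, so an empty result from this check does not clear a file; treat it as a first pass before a full PDF parser.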

Like Adobe’s Flash animation player, Reader can be a pain to keep updated. The program comes with an automatic update feature, but it sometimes takes weeks to actually get around to installing critical updates. Versions 8.1.2 and earlier are vulnerable to these attacks. Protect yourself by patching now:

Windows: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4084

Mac: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4093

Linux/Solaris: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4094
