New Acrobat 9.2 and Acrobat Reader Vulnerability in the Wild
There are reports that a vulnerability affecting Acrobat 9.2 and Acrobat Reader is being exploited in the wild. It appears that three different security companies reported it to Adobe today. Users should disable JavaScript in Acrobat and only open trusted files. Acrobat files from public sources should not be opened on a Mac while using a root or administrator-privileged account. Users should use Preview.app to open, view and print PDF files.
Symantec has named it Trojan.Pidief.H, which drops and then executes the following on Windows machines. It would seem that it is a malicious executable named AdobeUpdate.exe.
%Temp%\AdobeUpdate.exe
It can install an infostealer from the following domain: http://foruminspace.com/documents/dprk/ab.[*], called ab.exe. It appears that the exploit is targeting the Windows platform at this time, but this can change. Users should block foruminspace.com, disable JavaScript and set Preview.app as the default reader of PDF files.
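For defenders who want to check existing logs for the two indicators named above (requests to foruminspace.com and AdobeUpdate.exe running from a Temp directory), here is an added example that is not part of the original post or any vendor tooling. The event schema, the function names and the sample events are assumptions made for illustration.

```python
import ntpath
import re
from urllib.parse import urlsplit

BLOCKED_DOMAIN = "foruminspace.com"   # domain the post says to block
DROPPED_NAME = "adobeupdate.exe"      # file name the post reports, lower-cased

# A Temp directory component, either expanded (...\Temp\) or literal (%Temp%\).
TEMP_DIR = re.compile(r"(?:^|\\)(?:%te?mp%|temp|tmp)\\", re.IGNORECASE)
HAS_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://")

def host_is_blocked(url):
    """True if the URL's host is the blocked domain or one of its subdomains."""
    if not HAS_SCHEME.match(url):
        url = "//" + url              # lets urlsplit find the host in scheme-less entries
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Compare on a label boundary so "notforuminspace.com" does not match.
    return host == BLOCKED_DOMAIN or host.endswith("." + BLOCKED_DOMAIN)

def path_is_dropper(image_path):
    """True if the process image is AdobeUpdate.exe located under a Temp directory."""
    path = ntpath.normpath(image_path.strip('"'))
    return ntpath.basename(path).lower() == DROPPED_NAME and bool(TEMP_DIR.search(path))

def triage(events):
    """Return (index, reason) for every event matching an indicator from the post."""
    hits = []
    for i, ev in enumerate(events):
        if ev["type"] == "proxy" and host_is_blocked(ev["url"]):
            hits.append((i, "request to blocked domain"))
        elif ev["type"] == "process" and path_is_dropper(ev["image"]):
            hits.append((i, "AdobeUpdate.exe started from Temp"))
    return hits

# Constructed sample events (not real telemetry); the schema is an assumption.
SAMPLE_EVENTS = [
    {"type": "proxy", "url": "http://FORUMINSPACE.com./a"},
    {"type": "proxy", "url": "http://notforuminspace.com/a"},
    {"type": "proxy", "url": "http://example.net/?ref=foruminspace.com"},
    {"type": "proxy", "url": "files.foruminspace.com:8080/a"},
    {"type": "process", "image": r"C:\Users\bob\AppData\Local\Temp\AdobeUpdate.exe"},
    {"type": "process", "image": r"C:\Tools\AdobeUpdate.exe"},
    {"type": "process", "image": r'"%TEMP%\adobeupdate.exe"'},
]

if __name__ == "__main__":
    for index, reason in triage(SAMPLE_EVENTS):
        print(index, reason)
```

Matching on the parsed host rather than on a substring keeps look-alike domains and query-string mentions from raising false alerts.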
Adobe has posted instructions on how to disable JavaScript in Acrobat and Reader.
http://www.adobe.com/support/security/advisories/apsa09-07.html
An update is expected to be released on 1/12/2010 to address CVE-2009-4324.
http://blogs.adobe.com/psirt/2010/01/pre-notification_-_quarterly_s_1.html
Adobe has released an update to Acrobat Reader and Acrobat.
http://blogs.adobe.com/psirt/2010/01/security_update_released_for_a.html