Panda Security Mediacenter

New Zero day PDF exploit for Adobe Acrobat

We have received a new 0-day exploit for Adobe Acrobat via the full-disclosure mailing list. The vulnerability was announced on September 20th, 2007 on the site gnucitizen.org. The advisory states:

"The issue is quite critical given the fact that PDF documents are in the core of today’s modern business. This and the fact that it may take a while for Adobe to fix their closed source product, are the reasons why I am not going to publish any POCs. You have to take my word for it. The POCs will be released when an update is available."

However, somebody who read the original advisory has worked out where the vulnerability is and developed a working PoC. This PoC has been sent to full-disclosure, a public mailing list.

The PoC itself isn't harmful; however, when the PoC file is opened with a vulnerable version of Adobe Acrobat, calc.exe will be executed.

Looking inside the PoC, we can see the string that exploits the vulnerability.

TruPrevent has been able to block exploitation of this vulnerability from the very first day. However, if you try the PoC with TruPrevent, the PoC will work, because calc.exe is a trustworthy application for TruPrevent. If the exploit is modified to drop malware instead, TruPrevent will block it, preventing the malware infection.

 
