Adobe Acrobat 0-Day Exploit in the Wild

20 February 2009

The Shadowserver Foundation is reporting that a new 0-day exploit for Adobe Acrobat Reader is in the wild.

The Shadowserver Foundation has recently become aware of a very severe vulnerability in Adobe Acrobat affecting versions 8.x and 9 that is currently on the loose in the wild and being actively exploited. We are aware of several different variations of this attack; however, we were provided with a sample last week which we were permitted to analyze and detail in this post. We want to make it clear that we did not discover this vulnerability and are only posting this information to make sure others are aware and can adequately protect themselves. All of our testing was done on Adobe Acrobat Reader 8.1.0, 8.1.1, 8.1.2, 8.1.3 (latest release of 8), and 9.0.0 (latest release of 9).

The defense against this exploit is to disable JavaScript within your Adobe Acrobat products.

I suggest you review their write-up for more information.

UPDATE: Adobe has confirmed the vulnerability in Adobe Reader and Acrobat Version 9 and earlier. However, a patch will not be released until March 11. Read Adobe’s advisory here.

