Zero-day in Adobe Reader (pdf/dll exploit)

Bryan Bishop

Feb 13, 2013, 2:23:05 PM
to, Bryan Bishop
Does anyone have a sample they can share?

We have found IE, Java, and Flash zero-days in a row in the past several months, and now it's PDF’s turn. Today, we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1.

Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.

We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files. We will continue our research and continue to share more information.

- Bryan
1 512 203 0507