Zero Day Vulnerability in Adobe Reader X / XI

Group-IB recently reported zero-day vulnerability in Adobe Reader X / XI.

There are practically no technical details. It is reported that:

To successfully exploit this vulnerability, special conditions are needed: for example, in order for unauthorized execution of arbitrary code to take place, you must close or restart the Internet browser. Another way to exploit the vulnerability is to initiate an interactive user interaction, according to which the victim will need to confirm some action in the context of the open document, after which the malicious code will be executed

Another quote from the article:

One of the significant features is the fact that not a single exploit was previously advertised for the specified version of Adobe Reader due to the presence of the built-in sandbox (Sandbox, Protected View - blogs.adobe.com/asset/2010/10/inside-adobe- reader-protected-mode-part-1-design.html ), which limits the ability to execute arbitrary code through internal instructions and a special runtime environment.

')
However, in the following demonstration you can see Windows XP. And since “Sandbox” uses UAC mechanisms, available since Windows Vista, the question remains: is the detected code really able to bypass the “sandbox” used in Adobe Reader?




In addition, the article does not state: was Adobe informed about the vulnerability? But the approximate price tag of such vulnerability is called:

The cost of such vulnerabilities in the cybercrime market varies from 30,000 to 50,000 dollars

One can only guess: will Adobe be informed or some of the individuals who have this exploit will want to “warm up” on this vulnerability?