
Another 0-day vulnerability in Adobe Reader

Just a couple of words, since there is very little information so far. FireEye has announced a 0-day vulnerability in Adobe Reader. The latest versions of the 9, 10 and 11 branches are vulnerable; at the moment these are:

  1. 9.5.3
  2. 10.1.5
  3. 11.0.1


The nature of the vulnerability has not been disclosed. The only detail reported is that in the exploit sample observed in the wild, two DLL files were launched after successful exploitation. The first DLL showed a fake error message and opened another PDF document. Apparently, this is the classic trick of opening a PDF with the content the victim expected to see. It is often used in targeted attacks, because the vulnerable application frequently crashes after the exploit runs, and a wary user who does not see the expected content starts to raise the alarm.

The second DLL is a trojan that makes a reverse connection to the attacker's domain, which lets the attacker control the compromised computer even if it is located behind NAT.

The company has contacted representatives of the Adobe security team. For now, the recommendation from FireEye remains the same: do not open unknown PDF files.

UPD: Adobe has released a fix for this vulnerability.

Source: https://habr.com/ru/post/169221/

