Update on the Adobe vulnerability

Filed Under: SophosLabs, Vulnerability

On Friday, SophosLabs posted news about a new Adobe Reader vulnerability believed to be in the wild (CVE-2009-3459; see Adobe's security posting). Since then a few more details have surfaced.

Readers may have seen reports of a malicious PDF in the wild exploiting this vulnerability. Sophos products already detect and block this sample as Troj/PDFJs-DS.

If the malicious PDF successfully exploits CVE-2009-3459, it attempts to infect the victim with a backdoor Trojan. The executable payload is detected by Sophos as Mal/Generic-A, and the backdoor Trojan (DLL) the executable installs is detected as Troj/Protux-Gen.

Testing thus far (with Adobe Reader 9.1.3 and 9.1.0) suggests that successful exploitation is unreliable: so far we have only observed the Reader application crashing. Customers should stay alert for tomorrow's security update from Adobe to patch this issue.
