By Adam Lapay (SOC Analyst)
The IT security industry is up in arms over a new zero-day vulnerability being exploited in Adobe Systems Reader and Acrobat. Identified on 12/6/11, the vulnerability is present on almost all platforms of Adobe Reader, including Windows (9.x), UNIX (9.x) and Reader X for Mac (10.1.1). Tracked as CVE-2011-2462, it has been seen in the wild and has been reported by the Lockheed Martin Computer Incident Response Team. The attack, which so far has only targeted defense firms, is carried out by a remote user who creates a malicious PDF containing a U3D (a three-dimensional image contained within the PDF) that triggers a memory corruption error. This allows the remote user to execute arbitrary code stored in the PDF at the user's current privilege level. In its most recent form, Symantec states, this flaw is being used to install the Sykipot Trojan, which opens a backdoor on any compromised host.
Adobe is aware of the issue and will have a fix for Reader and Acrobat for Windows the week of December 12th. Unix and Mac users will have to wait until the next quarterly security update from Adobe, scheduled for early January of 2012. In the meantime, using Reader and Reader X in Protected Mode offers the only protection against the exploit.
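A triage check defenders could run on inbound PDFs while waiting for the patch, as an added example that is not from the original post: it flags files that declare 3D (U3D) content, the feature the malicious PDFs described above rely on. The function names and sample bytes are constructed for illustration, and a hit means only that the file carries 3D content, not that it is malicious.

```python
import re
import zlib

# PDF names that mark 3D content: a 3D annotation uses /Subtype /3D and
# the embedded model stream uses /Type /3D /Subtype /U3D.
MARKERS = {b"/3D", b"/U3D"}
NAME_RE = re.compile(rb"/[^\s/<>\[\]\(\)\{\}%]+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(token: bytes) -> bytes:
    """Undo #xx escapes in a PDF name, so /U#33D is compared as /U3D."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), token)


def names_in(data: bytes) -> set:
    """Return every PDF name token in data, with escapes decoded."""
    return {decode_name(tok) for tok in NAME_RE.findall(data)}


def find_3d_markers(pdf: bytes) -> set:
    """Return the 3D marker names present in a PDF's raw or inflated bytes."""
    found = names_in(pdf) & MARKERS
    # Dictionaries can sit inside Flate-compressed object streams, so
    # inflate each stream that decompresses cleanly and scan it as well.
    for match in STREAM_RE.finditer(pdf):
        try:
            inflated = zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data (image, font, other filter)
        found |= names_in(inflated) & MARKERS
    return found


# Constructed sample fragments, not taken from any real document.
PLAIN = (b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /3D /3DD 2 0 R >>\n"
         b"endobj\n2 0 obj\n<< /Type /3D /Subtype /U#33D /Length 0 >>\nendobj\n")
PACKED = (b"%PDF-1.7\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
          b"stream\n" + zlib.compress(b"<< /Type /3D /Subtype /U3D >>")
          + b"\nendstream\nendobj\n")
CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("packed", PACKED), ("clean", CLEAN)):
        print(label, sorted(find_3d_markers(blob)))
```

Streams protected by PDF encryption or by filters other than Flate are not inspected, so an empty result does not prove a file is free of 3D content.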
