Cyber criminals have now updated their PDF exploits to include the getIcon() vulnerability (CVE-2009-0927). We currently detect this as TROJ_PIDIEF.OE.

As usual, we highly encourage users to update now to the latest versions of Adobe Acrobat and Adobe Reader (if you haven’t yet). Reading the security advisory by Adobe closely, we see that this issue was previously fixed in version 8.1.3 but not for version 9.0:

The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)

PATCH NOW.

References:

• Adobe Acrobat getIcon() Stack Overflow Vulnerability
• CVE-2009-0927
• Security Updates available for Adobe Reader and Acrobat