Apr9
5:24 am (UTC-7)   |   by JJ Reyes (Advanced Threats Researcher)

Cyber criminals have now updated their PDF exploits to include the getIcon() vulnerability (CVE-2009-0927). We currently detect this as TROJ_PIDIEF.OE.

As usual, we highly encourage users to update now to the latest versions of Adobe Acrobat and Adobe Reader (if you haven’t yet). Reading the security advisory by Adobe closely, we see that this issue was previously fixed in version 8.1.3 but not for version 9.0:

The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)

PATCH NOW.

References:

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Thursday, April 9th, 2009 at 5:24 am and is filed under Security, Vulnerabilities . You can leave a response, or trackback from your own site.



5 Responses to “Adobe Acrobat/Reader getIcon() Vuln Exploit in the Wild”

Trackbacks

  1. cybasurfa (cybasurfa)
  2. SecurityGeek (Security Geek)
  3. spywarevoid (spywarevoid)
  4. hackertweets (Hacker Tweets)
  5. Adobe Acrobat/Reader getIcon() Vulnerability Exploit in the Wild | Kaspersky Labs USA

Leave a Reply


Rotten Eggs: An Easter Malware Campaign
DOWNAD/Conficker Watch: New Variant in The Mix?


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice