Several active exploits targeting a vulnerability in Adobe Reader are now in the wild.
Last week, Adobe released an update for Adobe Acrobat 8 and Adobe Reader 8, and a day later working exploit code for the util.printf() vulnerability was released. As expected, malware authors were quick to use the exploit for their own gain.
Trend Micro Research Manager Ivan Macalintal was alerted to the discovery of malicious PDF files that exploit the Adobe Reader vulnerability; Trend Micro now detects these files as TROJ_PIDIEF.CB. Users with unpatched Adobe Reader software may be infected when they unknowingly access a certain remote website or are redirected there from malicious banners and ads.
Upon execution, TROJ_PIDIEF.CB could crash Reader and then allow a malicious user to take control of an affected system. This compromises system security and exposes the system to more threats, as malicious users could easily drop adware and malicious programs from the VUNDO, VIRTUMON and, in some cases, VIRUT families onto infected PCs.
Trend Micro strongly advises users to patch Adobe Reader by downloading the updates found in the Adobe Security Bulletin, to ensure they are safe from the threats that come with this vulnerability.
The Trend Micro Smart Protection Network detects TROJ_PIDIEF.CB at the desktop level and provides solutions for its cleanup and removal. It also blocks the related malicious URLs.