
Zero-Day Vulnerability Hits Adobe Reader

  • Posted on: February 13, 2013 at 11:52 pm
  • Posted in: Exploits, Vulnerabilities
  • Author: Trend Micro

Zero-day season is far from over: reports indicate that an exploit has been found targeting zero-day vulnerabilities in certain versions of Adobe Reader. This discovery comes on the heels of the Adobe Flash Player incident of last week.

In the related samples we gathered, the exploit is disguised as a .PDF file (detected by Trend Micro as TROJ_PIDIEF.KGM) that is crafted to target vulnerabilities (CVE-2013-0640, CVE-2013-0641) that are still unpatched in Adobe Reader versions 9, 10, and 11. Once executed, it drops the .DLL file TROJ_INJECT.CPX along with the non-malicious decoy file %User Temp%\Visaform Turkey.pdf. The decoy is dropped to mislead users into thinking that the specially crafted .PDF file is harmless.

In the exploit sample we analyzed, we also noticed that it drops a malicious .DLL file built for 64-bit machines (detected by Trend Micro as TROJ64_INECT.CPX). The people behind this threat may have included this 64-bit malware in an attempt to evade detection by anti-malware programs.

To address this issue, Adobe is currently working on a security advisory, and the vendor has promised to release updates. For the latest developments regarding this incident, readers may check Adobe's blog.

Java, Internet Explorer, Adobe Flash Player, and now Adobe Reader – just two months into 2013, we have already witnessed several high-profile cases in which attackers used zero-day exploits to carry out their schemes. Java, in particular, was hit by several zero-day exploits this January alone. Unfortunately, this incident won't be the last of its kind. Threat actors are known to build such exploits into their schemes because they target unresolved vulnerabilities, leaving intended victims and ordinary users alike with little or no defense.

In our Annual Report for 2012, for example, we cited several zero-day vulnerabilities in Java 7 and Internet Explorer that were incorporated into widely distributed attacks such as the Blackhole Exploit Kit. Adobe Reader was also one of the applications most used by exploit kits, along with other applications with plug-in functionality like Internet Explorer, Adobe Acrobat and Java.

To avoid this attack, we strongly discourage users from opening unknown .PDF files or .PDF files obtained from unverified sources.

Trend Micro Smart Protection Network detects and deletes the exploit used in this attack and the corresponding dropped files. Trend Micro Deep Security protects users from this zero-day exploit via rule 1004133 – Heuristic Detection Of Malicious PDF Documents. Users of OfficeScan with the Intrusion Defense Firewall (IDF) plug-in can also apply this rule to block the malicious .PDF file.
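As an added, defender-side illustration of what a heuristic check for malicious PDF documents (like the rule mentioned above) looks for, the following example scores a file by the action and code-bearing names it contains, after resolving hex-escaped names and inflating FlateDecode streams. It is example code written for this post, not Trend Micro's rule 1004133 or its logic; the two PDF byte strings are constructed samples, not the TROJ_PIDIEF.KGM file.

```python
import re
import zlib
from collections import Counter

# Weights for PDF names that can trigger actions or code when a document is opened.
RISKY_NAMES = {
    b"/JavaScript": 3, b"/JS": 3, b"/Launch": 3,
    b"/OpenAction": 2, b"/AA": 2, b"/EmbeddedFile": 2, b"/XFA": 2,
}
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)

def decode_name_escapes(data: bytes) -> bytes:
    """Resolve #xx hex escapes in PDF names, e.g. /Ja#76aScript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def visible_text(data: bytes) -> bytes:
    """Raw dictionaries plus the contents of any FlateDecode streams that inflate cleanly."""
    inflated = b""
    for m in STREAM_RE.finditer(data):
        try:
            inflated += zlib.decompress(m.group(1)) + b"\n"
        except zlib.error:
            pass  # not zlib data (or deliberately corrupted); nothing to inspect
    return STREAM_RE.sub(b"", data) + b"\n" + inflated  # raw compressed bytes are dropped

def triage_pdf(data: bytes) -> dict:
    """Score a PDF by the risky names found after de-obfuscating names and inflating streams."""
    text = visible_text(data)
    decoded = decode_name_escapes(text)
    hits, score = Counter(), 0
    for name, weight in RISKY_NAMES.items():
        count = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", decoded))
        if count:
            hits[name.decode()] = count
            score += weight * min(count, 3)  # cap so one repeated name cannot dominate
    obfuscated = decoded != text  # hex-escaped names are a common signature-evasion trick
    score += 2 if obfuscated else 0
    return {"hits": dict(hits), "obfuscated_names": obfuscated,
            "score": score, "verdict": "suspicious" if score >= 5 else "clean"}

# Constructed samples (not real documents): a plain page, and one whose /OpenAction
# points at a JavaScript action hidden in a compressed stream with an escaped name.
SKELETON = (b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n")
BENIGN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n" + SKELETON
SUSPICIOUS_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
                  + SKELETON + b"4 0 obj << /Filter /FlateDecode >>\nstream\n"
                  + zlib.compress(b"<< /S /Ja#76aScript /JS (app.alert(1)) >>")
                  + b"\nendstream\nendobj\n")
```

A heuristic like this only triages; it complements vendor signatures and must be tuned, since legitimate forms also use JavaScript and /AcroForm.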

We will update this post with any developments regarding this incident.

Update as of Feb. 18, 11:46 PM PST

Adobe announced that they are working on fixes to address this issue, promising to release the security update within “the week of February 18, 2013”. More details can be found in Adobe’s security bulletin.

Update as of Feb. 21, 1:42 AM PST

Adobe has released security updates to address this issue. Users are advised to apply these security fixes as soon as possible.

Tags: adobe reader, zero day
