A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.
The blog post provides technical details on how the malware works, specifically the activity of its shell code, the piece of code that delivers the payload. The JavaScript is used to execute arbitrary codes in a technique known as "heap spraying."
"Based on our findings, the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file" before extracting and executing the backdoor, Trend Micro said. The backdoor "is also embedded in the PDF file and not the usual file downloaded from the Web."
Variants of the Protux backdoor typically provide an attacker unrestricted user-level access to a compromised machine and previously exploited vulnerabilities in Microsoft Office files, according to Trend Micro.
Adobe announced on Thursday that it would release an update to fix the hole on Tuesday, the same day as Microsoft's Patch Tuesday.
credited to news.cnet.com
Continuing to be happy that I'm on a Mac....
good luck with your mac, loser.
"The question of the charter of pro-democracy moment.pdf"?
(I mistyped the first post; but what was the point of not blocking the hex values of the file name?)
Second poster is a fag.
Hey, they actually did something good with Vista (it's not vulnerable).
Oh wow I would say its time to hit it up dude!
RT
www.true-privacy.net.tc
You think Vista is not Vulnerable, Well, if it's not that is only as it crashes loading the PDF Document!!
1st, 2nd, and 5th posters need to grow up.
1st is a troll, 2nd is feeding the troll, and 5th is the 1st again.
"Hey, they actually did something good with Vista (it's not vulnerable)."
Probably cause it crashes when you load a pdf :)
Still funny that No. 1 has a point.. how many of these "OMG A NEW V1RU5!" posts are for OSX/Linux software.
Enjoy your 5 different AntiVirus programs No. 2 :) and your Ad-Aware.. and Spyware Doctor.. and.. and.. and..
EB
at least the second poster isnt gay for macs
The notion that you're secure on any architecture is a joke. All the technologies in place (including the new Data Access Protection or DAP that vista/7 implaments)
OSX is based on unix, so it has its inherent security measures. But do not think for a second that your computer is invulnerable to compromise.
There are plenty of ways into a computer, even if you have to take over other pieces of the network to give yourself a point in which to leverage your way in (of course i'm referring to either a MITM attack or simple DNS redirect spoofing)
Just know that no matter who you are, how protected *you think* you are, or how much you know about computers, only a pompous idiot would think that anything they put on their computer is anything but public.
My bad, the first paragraph should be :
The notion that you're secure on any architecture is a joke. All the technologies in place (including the new Data Access Protection or DAP that vista/7 implaments)are simply obsticles that anyone has to overcome. Unix has had it with SELinux, and mac does it with something else. Can't remember.
Adobe reader? Why would anyone download that piece of crap? There are better free pdf readers out there.
Grow up people. Save your 5 year old comments for the playground.
Sometimes I throw up.
Seems like a good reason to use Foxit Reader instead of Adobe.
Even though I use Evince for PDFs (and PSs), if you do your taxes on the e-forms provided by the IRS, they seem to require Adobe. (No other readers seem to work properly.) Other than that Adobe is a piece of crap.
So, does this affect Linux systems? *crickets* Ah. Just thought I'd ask... :-D