Research|Adobe yet again

Eugene Aseev
Kaspersky Lab Expert
Posted March 15, 13:13  GMT
Tags: Adobe PDF

Vulnerabilities continue to be detected and successfully exploited in Adobe’s most popular products - Acrobat and Reader.

Some days ago we received an interesting PDF file (detected as Exploit.JS.Pdfka.bui) containing an exploit for CVE-2010-0188, a vulnerability originally discovered back in February in Acrobat/Reader version 9.3 and earlier.

The first thing that catches the eye is the intentionally malformed TIFF image inside the PDF file.

The vulnerability – a buffer overflow – manifests itself when the field containing the image is accessed. The attack is carried out using ‘heap spraying’, a technique commonly used by exploits against products capable of running JavaScript code; the recent Aurora attack is a good example of this technique in action.
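A structural check a defender can run on a TIFF image extracted from a suspicious PDF, given here as an added example that is not part of the original post: it walks the first TIFF image file directory (IFD) and flags entries whose declared data does not fit inside the file. It is a generic sanity check rather than a signature for this exploit, and the sample bytes are constructed for the demonstration.

```python
import struct

# Bytes per element for TIFF 6.0 field types 1..12
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}

def check_tiff(data):
    """Return a list of structural anomalies found in the first IFD."""
    if len(data) < 8:
        return ["truncated header"]
    order = {b"II": "<", b"MM": ">"}.get(data[:2])
    if order is None:
        return ["bad byte-order mark"]
    magic, ifd_off = struct.unpack(order + "HI", data[2:8])
    if magic != 42:
        return ["bad magic number"]
    if ifd_off + 2 > len(data):
        return ["IFD offset outside file"]
    (count,) = struct.unpack_from(order + "H", data, ifd_off)
    findings = []
    for i in range(count):
        pos = ifd_off + 2 + 12 * i
        if pos + 12 > len(data):
            findings.append(f"IFD entry {i} truncated")
            break
        tag, ftype, n, value = struct.unpack_from(order + "HHII", data, pos)
        size = TYPE_SIZES.get(ftype)
        if size is None:
            findings.append(f"tag {tag}: unknown field type {ftype}")
            continue
        nbytes = size * n
        # Values longer than 4 bytes are stored at an offset, which must stay in bounds
        if nbytes > 4 and value + nbytes > len(data):
            findings.append(f"tag {tag}: {nbytes} bytes at offset {value} overruns file")
    return findings

def build_sample(declared_count):
    """Constructed 46-byte TIFF; only the ASCII tag's declared count varies."""
    body = b"example\x00"                                    # 8 bytes of real data
    head = struct.pack("<2sHI", b"II", 42, 8)                # header, IFD at offset 8
    ifd = struct.pack("<H", 2)                               # two IFD entries
    ifd += struct.pack("<HHII", 256, 3, 1, 16)               # ImageWidth, SHORT, inline
    ifd += struct.pack("<HHII", 270, 2, declared_count, 38)  # ImageDescription, ASCII
    ifd += struct.pack("<I", 0)                              # no next IFD
    return head + ifd + body

if __name__ == "__main__":
    print(check_tiff(build_sample(8)))     # consistent entry
    print(check_tiff(build_sample(4096)))  # declared length exceeds the file
```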