Adobe Acrobat/Reader getIcon() Vuln Exploit in the Wild



Apr 9

Adobe Acrobat/Reader getIcon() Vuln Exploit in the Wild

by JJ Reyes (Advanced Threats Researcher)

Cyber criminals have now updated their PDF exploits to include the getIcon() vulnerability (CVE-2009-0927). We currently detect this as TROJ_PIDIEF.OE.

As usual, we highly encourage users to update now to the latest versions of Adobe Acrobat and Adobe Reader (if you haven’t yet). Reading the security advisory by Adobe closely, we see that this issue was previously fixed in version 8.1.3 but not for version 9.0:

The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)

PATCH NOW.

References:

Adobe Acrobat getIcon() Stack Overflow Vulnerability

CVE-2009-0927

Security Updates available for Adobe Reader and Acrobat

TrendMicro - http://blog.trendmicro.com/adobe-acrobatre...it-in-the-wild/
