Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog



Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory

Published: 2010-09-08
Last Updated: 2010-09-08 18:03:06 UTC
by John Bambenek (Version: 1)
18 comment(s)

We just received word of a 0-day exploit for Adobe Acrobat/Reader being exploited in the wild. Secunia has a brief write-up and here is the link to the original advisory.  The exploit was discovered in a phishing attempt with the subject of "David Leadbetter's One Point Lesson".  Adobe has issued an advisory and references CVE-2010-2883 (which just shows as reserved at this point with no details).  It does affect the latest version of Acrobat/Reader and Adobe is investigating a patch. More to come on that.

The exploit in the wild I'm aware of causes a crash in Acrobat/Reader and then tries to open a decoy file.  So the good news is that, as of right now, it's a "loud exploit".  Early VirusTotal scans also had partial coverage under various forms of "Suspicious PDF" categories.  At this point, standard precautions apply (don't open PDFs from strangers) and this can probably only really be used in a phishing-style scenario.  I will update this diary as needed with developments.

--
John Bambenek
bambenek at gmail /dot/ com


Mozilla Thunderbird updated to version 3.1.3 also, more here: http://www.mozillamessaging.com/en-US/thunderbird/3.1.3/releasenotes/

Published: 2010-09-08
Last Updated: 2010-09-08 17:46:28 UTC
by John Bambenek (Version: 1)
0 comment(s)

-- John Bambenek bambenek at gmail /dot/ com

Patches issued for multiple vulnerabilities in Cisco Wireless LAN Controller product family, more here: http://cisco.com/warp/public/707/cisco-sa-20100908-wlc.shtml
Mozilla's SeaMonkey version 2.0.7 released for Security Updates: http://www.seamonkey-project.org/releases/seamonkey2.0.7/
Firefox Releases Version 3.6.9 and 3.5.12 to fix Security Vulnerabilities: 3.6.9 is http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/ and 3.5.12 is http://www.mozilla.com/en-US/firefox/3.5.12/releasenotes/