Threat Level: green Handler on Duty: Russ McRee

SANS ISC: PDF mailto exploit documents in the wild SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
PDF mailto exploit documents in the wild

The vulnerability initially reported here http://isc.sans.org/diary.html?storyid=3406 and confirmed here (with workaround) http://isc.sans.org/diary.html?storyid=3477 and patched here http://isc.sans.org/diary.html?storyid=3531 now appears to have been spotted in the wild. The proof of concept code had been released, and a number of people have reported receiving the PDFs which exploit the vulnerability. Obviously please patch, apply the workarounds, and/or ensure you can detect and block the exploit. File names seen so far are "BILL.pdf" and "INVOICE.pdf".

Thanks Juha-Matti!

Cheers,
Adrien de Beaupré
Bell Canada

 

 

 

Adrien de Beaupre

353 Posts
ISC Handler
Oct 23rd 2007

Sign Up for Free or Log In to start participating in the conversation!