Security Response

Adobe Reader Zero-day being exploited in the wild

Created: 07 Dec 2011 16:36:31 GMT • Updated: 23 Jan 2014 18:18:12 GMT
Stephen Doherty

Adobe has issued a public advisory regarding a critical vulnerability (CVE-2011-2462) that affects:

  • Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh
  • Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh
  • Adobe Reader 9.4.6 and earlier 9.x versions for UNIX

This critical vulnerability has recently been seen exploited in the wild in targeted attack emails sent on November 1st and 5th. This attack leverages the zero-day vulnerability in order to infect target computers with Backdoor.Sykipot.

We have seen Backdoor.Sykipot used in targeted attacks since January 2010, and this is not the first time it has been used in conjunction with a zero-day exploit.

We detect the malicious PDF document as Trojan.Pidief and the dropped component as Backdoor.Sykipot.

Analysis is ongoing and updates will be provided as more information becomes available.

As always, be vigilant when opening any PDF attachments in unsolicited emails.