Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Security Response

New Adobe Vulnerabilities Being Exploited in the Wild

Created: 14 Feb 2013 08:59:53 GMT • Updated: 23 Jan 2014 18:09:39 GMT • Translations available: 日本語
Symantec Security Response's picture
+3 3 Votes
Login to vote

Adobe posted a vulnerability report warning that vulnerabilities in Adobe Reader and Acrobat XI (11.0.1) and earlier versions are being exploited in the wild. Adobe is currently investigating this issue.

 

According to the FireEye blog posted earlier today, the malicious file arrives as a PDF file. Upon successful exploitation of the vulnerabilities, two malicious DLL files are dropped.

Symantec detects the malicious PDF file as Trojan.Pidief and the two dropped DLL files as Trojan Horse.

We are currently investigating the possibility of further protections for these vulnerabilities and will provide an update to this blog when possible.

A subsequent advisory posted by Adobe indicates the following versions of Adobe Reader and Acrobat are vulnerable:

  • Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
  • Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
  • Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh
  • Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
  • Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
  • Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

Symantec advises users to apply any patches as soon as Adobe makes them available.