ビデオヘルプ
Security Response

Zero-Day Xmas Present

作成: 15 Dec 2009 02:21:56 GMT • 更新: 23 Jan 2014 18:30:41 GMT
Joji Hamada の写真
0 得票数:0
ログインして投票

Earlier today, we received a tip from a source that there is a possible Adobe Reader and Acrobat 0-day vulnerability in the wild. We have indeed confirmed the existence of a 0-day vulnerability in these products. The PDF files we discovered arrives as an email attachment. The attack attempts to lure email recipients into opening the attachment. When the file is opened, a malicious file is dropped and run on a fully patched system with either Adobe Reader or Acrobat installed. Symantec products detect the file as Trojan.Pidief.H.

We have reported our findings to Adobe who have acknowledged the vulnerability in this blog.

The analysis is still ongoing, so more details to follow. In the meantime, I recommend everyone to be extra vigilant during this holiday season, especially when receiving emails from an unknown person.