Recently we came into possession of an Adobe Acrobat PDF file that upon opening drops and executes a malicious binary. It was quite clear that this PDF was exploiting some vulnerability in order to drop its payload. And, during the analysis it soon became apparent that this vulnerability was not one we had seen in the wild before. What was even more surprising was that this vulnerability affects Adobe Flash—not Adobe Reader as we initially suspected.

An issue in Adobe Flash is more serious. Most vulnerabilities are confined to one technology; for example, a vulnerability may affect a particular browser or a particular operating system, but it is rare for a vulnerability to span multiple platforms and products. This is not the case with Flash. Flash exists in all popular browsers and is also available in PDF documents. It is also largely operating system independent; therefore, the threat posed by this issue is not to be taken lightly. Flash has become an integral part...

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly light month—the vendor is releasing six bulletins covering a total of nine vulnerabilities.

Six of the issues are rated “Critical” and affect Windows, DirectX, and Windows OpenType Font engine. One of the DirectX issues and one of the ActiveX issues were previously disclosed back in May of this year and earlier this month. Both issues have also seen active exploit attempts in the wild. The remaining issues, rated “Important,” affect Publisher, Virtual PC, Virtual Server, and ISA Server.

As always, customers are advised to follow these security best practices:

- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block...

It's Independence Day weekend in the United States and many folks are out at picnics, barbeques, and catching firework shows. However, some of us here in the security industry missed out on these events due a new exploit for a zero-day vulnerability in Microsoft's Video Streaming ActiveX control that we discovered in the wild right before the weekend started.

The exploit uses a specially crafted JavaScript file, along with a data file, to take advantage of a vulnerability in the IMPEG2TuneRequest DirectX object interface located in the Msvidctl.dll file. When a user visits a malicious website hosting these files, the vulnerability allows remote code execution and malicious files are downloaded.

Windows XP users with Internet Explorer 6 and 7 are in danger, but those with Internet Explorer 8 installed are not vulnerable. Preliminary testing shows that computers running Windows Vista are not affected by the attack....

I know people are getting sick of malware, attacks, and blogs associated with recent celebrities’ deaths, especially over the past week. But, here we go again. Even a week after Michael Jackson's death was announced, some people refuse to accept that he is gone. Well, after 32 years, even some fanatic followers believe Elvis Presley is still alive.

Security Response has found a suspiciously titled PDF file named “Elvis_Presley_is_alive!!!.pdf.” Maybe Elvis really is still alive, but this particular Elvis has hellhounds with him in the form of exploit code and malware.

When the malicious PDF file is opened, users won’t see any pictures or articles on the aging “King of Rock 'n' Roll,” but instead the file tries to exploit three separate PDF vulnerabilities:

• Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Remote Code Execution Vulnerability (...