Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 prior to 9.1, 8 prior to 8.1.3 , and 7 prior to 7.1.1 allows remote malicious users to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe acrobat reader |
Last week, we published a blog post regarding the ongoing spam campaign using the recent earthquake in Japan to infect users. This is a follow up blog describing the exploits used. According to our analysis, it seems that the malicious links from the spam emails lead to websites hosting the Incognito Exploit Kit. Here is an interesting picture from the servers hosting the exploit kit: You can see below another example from the spam campaign, this time pretending to be an email from Twitter: The ...
On 25 October 2010, the Dutch police force’s Cybercrime Department announced the shutdown of 143 Bredolab botnet control servers. The next day at Armenia’s Yerevan international airport, one of those formerly responsible for running the botnet was arrested. While it is certainly possible that this marked the end of Bredolab, the technologies behind it remain and can, unfortunately, still be used to create new botnets. Malicious programs from the Backdoor.Win32.Bredolab family were first dete...
The first Top Twenty lists malicious programs, adware and potentially unwanted programs that were detected and neutralized when accessed for the first time, i.e. by the on-access scanner. There was no change to the top 5 malicious programs this month and judging by the number of infections, the Kido epidemic has eased off slightly. Exploit.JS.Aurora.a, which, as its name suggests, is a program designed to take advantage of vulnerabilities in a variety of software products. This exploit was widel...
Kaspersky Lab presents its monthly malware statistics for October. From this month onwards, the data used is gathered from all products which use the Kaspersky Security Network (KSN), i.e. products from both the 2009 and 2010 lines. As a result, the Top Twenties have changed somewhat, and the figures in both ratings this month are significantly higher, due to an increased numbers of users participating in KSN. The first Top Twenty lists malicious programs, adware and potentially unwanted program...