Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x prior to 9.3, and 8.x prior to 8.2 on Windows and Mac OS X, allows remote malicious users to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Vulnerable Product |
---|
adobe acrobat reader 3.0 |
adobe acrobat reader 4.0 |
adobe acrobat reader 5.0.11 |
adobe acrobat reader 5.0.5 |
adobe acrobat 6.0.4 |
adobe acrobat 6.0.5 |
adobe acrobat 7.0.6 |
adobe acrobat 7.0.7 |
adobe acrobat reader 5.1 |
adobe acrobat reader 6.0 |
adobe acrobat reader 7.0.2 |
adobe acrobat reader 7.0.3 |
adobe acrobat reader 8.0 |
adobe acrobat reader 8.1 |
adobe acrobat reader |
adobe acrobat reader 4.0.5c |
adobe acrobat reader 4.5 |
adobe acrobat reader 5.0.9 |
adobe acrobat 6.0 |
adobe acrobat 7.0.2 |
adobe acrobat 7.0.3 |
adobe acrobat 8.0 |
adobe acrobat 8.1 |
adobe acrobat reader 6.0.3 |
adobe acrobat reader 6.0.4 |
adobe acrobat reader 6.0.5 |
adobe acrobat reader 7.0.6 |
adobe acrobat reader 7.0.7 |
adobe acrobat reader 9.1 |
adobe acrobat reader 5.0 |
adobe acrobat reader 5.0.10 |
adobe acrobat 6.0.1 |
adobe acrobat 6.0.2 |
adobe acrobat 6.0.3 |
adobe acrobat 7.0.4 |
adobe acrobat 7.0.5 |
adobe acrobat 8.1.1 |
adobe acrobat 8.1.2 |
adobe acrobat reader 7.0 |
adobe acrobat reader 7.0.1 |
adobe acrobat reader 7.0.8 |
adobe acrobat reader 7.0.9 |
adobe acrobat reader 8.1.1 |
adobe acrobat reader 4.0.5 |
adobe acrobat reader 4.0.5a |
adobe acrobat reader 5.0.6 |
adobe acrobat reader 5.0.7 |
adobe acrobat 7.0 |
adobe acrobat 7.0.1 |
adobe acrobat 7.0.8 |
adobe acrobat 7.0.9 |
adobe acrobat reader 6.0.1 |
adobe acrobat reader 6.0.2 |
adobe acrobat reader 7.0.4 |
adobe acrobat reader 7.0.5 |
adobe acrobat reader 8.1.2 |
adobe acrobat reader 9.0 |

Last week, we published a blog post regarding the ongoing spam campaign using the recent earthquake in Japan to infect users. This is a follow-up blog describing the exploits used. According to our analysis, it seems that the malicious links from the spam emails lead to websites hosting the Incognito Exploit Kit. Here is an interesting picture from the servers hosting the exploit kit: You can see below another example from the spam campaign, this time pretending to be an email from Twitter: The ...
On 25 October 2010, the Dutch police force’s Cybercrime Department announced the shutdown of 143 Bredolab botnet control servers. The next day at Armenia’s Yerevan international airport, one of those formerly responsible for running the botnet was arrested. While it is certainly possible that this marked the end of Bredolab, the technologies behind it remain and can, unfortunately, still be used to create new botnets. Malicious programs from the Backdoor.Win32.Bredolab family were first dete...
Eight more days to go
With more than a week until Adobe is scheduled to patch a critical vulnerability in its Reader and Acrobat applications, online thugs are targeting it with an unusually sophisticated attack. The PDF file uses what's known as egg-hunting shellcode to compress the first phase of the malicious payload into 38 bytes, a tiny size that's designed to thwart anti-virus detection. As a result, just four of the 41 major AV programs detect the attack more than six days after the exploit surfaced, according...