Skip to main content

Group-IB discloses zero-day vulnerability in Adobe X

posted onNovember 8, 2012
by l33tdawg

There is new vulnerability in Adobe X which helps to execute its own shellcode with help of malformed PDF-documents with specially crafted forms.

The vulnerability is also included in new modified version of "Blackhole Exploit-Kit”, which is used for the distributing the banking Trojans (Zeus, Spyeye, Carberp, Citadel) with the help of exploitation different vulnerabilities in client-side software.

Andrey Komarov, the Head of International Projects Department of Group-IB: «The vulnerability has some limitations, for example it could be successfully exploited only after the user will close the browser and restart it. Another variant is to organize interaction between the victim and the malformed PDF-document. Either way, the vulnerability is has very significant vector to be spread with bypassing of internal Adobe X sandbox, which is appealing for cybercrime gangs because in the past there was no documented method of how to bypass it with shellcode execution.».

The end price on this vulnerability on black market is approximately 30 000 – 50 000 USD. For now this flaw is distributed only in only small circles of the underground but it has the potential for much larger post-exloitation methods. Dan Clements, Managing Partner of Group-IB US: «As more and more of these unpatchable zero day threats pop up in application software and operating systems, it provides bot authors more opportunities to design more creative methods to get their malware loaded into a victims computer».

The POC of the zero-flaw found in Adobe X was published in YouTube by Group-IB US threat intelligence team: http://www.youtube.com/watch?v=uGF8VDBkK0M&feature=youtu.be.

Source

Tags

Adobe Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th