Zero-day vulnerabilities discovered: 5
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Reader
Known/famous malware:
Trojan.Pidief.H
Links:
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.adobe.com/support/security/bulletins/apsb10-02.html
https://www.symantec.com/connect/blogs/zero-day-xmas-present
https://www.symantec.com/security_response/writeup.jsp?docid=2009-121511-4614-99
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html
http://blogs.adobe.com/psirt/?p=74
https://isc.sans.edu/diary/Sophisticated%2C+targeted+malicious+PDF+documents+exploiting+CVE-2009-432...
http://www.welivesecurity.com/2010/01/04/adobe-javascript-and-the-cve-2009-4324-exploit/
http://temer...
http://www.bitdefender.com/news/critical-zero-day-exploits-hit-internet-explorer-and-adobe-reader-12...
https://www.decalage.info/exefilter_pdf_exploits
https://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-vulnerability-again/
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Reader
Known/famous malware:
PDF/Exploit.CVE-2009-3459.A
Links:
http://www.adobe.com/support/security/bulletins/apsb09-15.html
https://isc.sans.edu/diary/New+Adobe+Vulnerability+Exploited+in+Targeted+Attacks/7300
http://www.enigmasoftware.com/adobe-reader-vulnerability-cve-2009-3459-allows-hackers-insert-backdoo...
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLATEDECODE_PREDICTOR02
http://temerc.com/forums/viewtopic.php?t=7821
http://www.rationallyparanoid.com/articles/emet-testing.html
https://media.blackhat.com/bh-eu-10/presentations/Li_Lovet/BlackHat-EU-2010-Li-Lovet-Adobe-Heap-slid...
https://blog.didierstevens.com/2009/10/13/update-pdfid-version-0-0-9-to-detect-another-adobe-0day/
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-exploit/
https://blog.fortinet.com/2009/10/19/on-the-recent-pdf-exploit
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Flash Player
Known/famous malware:
Trojan.Pidief.G
Troj/SWFExp-M
Troj/SWFExp-N
Links:
http://www.adobe.com/support/security/advisories/apsa09-03.html
http://www.adobe.com/support/security/bulletins/apsb09-10.html
https://www.symantec.com/security_response/writeup.jsp?docid=2009-072209-2512-99
https://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
https://www.cnet.com/news/adobe-investigating-zero-day-bug-in-flash/
https://isc.sans.edu/diary/YA0D+%28Yet+Another+0-Day%29+in+Adobe+Flash+player/6847
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://www.nobunkum.ru/analytics/en-flash
http://idp.cyberoam.com/signatures/2090727071.html
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was first fixed in the Adobe Reader 8.x branch, leaving Adobe Reader 9.x vulnerable. It is unclear whether this vulnerability was exploited before Adobe issued the patch for Adobe Reader 8.x.
According to Symantec, they spotted active exploitation of this vulnerability on April 6, 2009.
According to a Trustwave report, this vulnerability was exploited in targeted attacks as a zero-day exploit targeting the aviation defense industry. Given the confusion regarding exploitation, we have chosen to treat this vulnerability as a zero-day.
Software: Adobe Reader
Known/famous malware:
TROJ_PIDIEF.OE
Links:
http://www.adobe.com/support/security/bulletins/apsb09-04.html
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-acrobatreader-geticon-vuln-exploit-...
https://www.trustwave.com/Resources/Library/Documents/2013-Trustwave-Global-Security-Report/?dl=1
http://www.ehackingnews.com/2012/09/pdf-exploits-targets-defense-industry.html
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
According to Symantec, the first exploitation of the vulnerability was discovered on 2008-09-02.
Software: Adobe Reader
Known/famous malware:
Trojan.Pidief.E
Links:
http://www.adobe.com/support/security/advisories/apsa09-01.html
http://www.adobe.com/support/security/bulletins/apsb09-04.html
https://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2
http://www.kb.cert.org/vuls/id/905281
https://isc.sans.edu/diary/AdobeAcrobat+0-day+in+the+wild%3F/59...
http://blog.talosintel.com/2009/02/homebrew-patch-for-adobe-acroreader-9.html
https://www.secureworks.com/blog/research-20947
http://blog.securityactive.co.uk/2009/02/23/adobe-reader-and-acrobat-buffer-overflow-cve-2009-0658/
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf