Monday, October 19, 2009

Smashing the Adobe Heap Memory Management System for Profit

As pointed in a recent blog post, PDF vulnerabilities are receiving an increasing amount of attention in the security industry, matching cybercriminal patterns.

Very recently, a newm high-risk PDF zero-day vulnerability (CVE-2009-3459), was reported on Adobe's blog as being exploited in the Wild, in the frame of a targeted attack.

As of writing, a vendor patch is available, and we highly recommend applying it. If for some reason, immediate patching raises issues, security equipments (AV, IDS, IPS, etc...) must be adjusted to block potentially malicious PDF documents leveraging this vulnerability.

For that purpose, this document will provide an analysis of one malicious PDF file found in the wild, as well as in-depth insights on that vulnerability.

Check for more:

See also: Vulnerabilities in several PDF applications

No comments: