
Adobe Flash Exploit embedded inside PDF file

We received a malicious PDF file in August 2009. On analysis, we found that it differs from recently analysed PDF exploits. This Adobe Flash zero-day exploit appears to be in use in the wild. It affects Adobe Reader 9.1.2 and earlier 9.x versions, and Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions.

Two Flash files are embedded in this PDF file. One of them, fancyball.swf, doesn't seem to do anything malicious; the other, save.swf (or oneoff.swf), uses ActionScript to perform heap spraying.

The shellcode downloads and executes two executable files named SUCHOST.exe and temp.exe. Both executable files are embedded inside the PDF file itself.
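
A triage check for the layout described above, as an added example that is not part of the original post: it walks a PDF's stream objects, inflates Flate-encoded ones, and reports streams whose decoded content starts with a Flash (FWS/CWS) or Windows PE signature. The function names and the sample document are constructed for illustration; the post does not say how the embedded files are encoded, so plain or Flate-encoded storage is an assumption.

```python
import re
import zlib

# Body of each PDF stream object: "stream" EOL ... "endstream".
# A full parser would honour /Length; the regex is enough for triage.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
SWF_MAGIC = (b"FWS", b"CWS")   # uncompressed / zlib-compressed Flash
PE_MAGIC = b"MZ"               # DOS header of a Windows executable


def inflate(data):
    """Return zlib-inflated data, or the raw bytes if it is not Flate data."""
    try:
        # decompressobj tolerates a trailing EOL or a clipped checksum byte.
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return data


def classify(body):
    """Label a decoded stream body as 'swf', 'pe' or None."""
    if body[:3] in SWF_MAGIC and len(body) >= 8:
        return "swf"
    if body[:2] == PE_MAGIC and len(body) >= 0x40:
        # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
        off = int.from_bytes(body[0x3C:0x40], "little")
        if body[off:off + 4] == b"PE\0\0":
            return "pe"
    return None


def scan_pdf(pdf_bytes):
    """Return (stream_index, kind, decoded_size) for each embedded payload."""
    findings = []
    for i, m in enumerate(STREAM_RE.finditer(pdf_bytes)):
        body = inflate(m.group(1))
        kind = classify(body)
        if kind:
            findings.append((i, kind, len(body)))
    return findings


def build_sample():
    """Constructed test document: one benign, one SWF and one PE stream."""
    swf = b"FWS" + bytes([9]) + (8).to_bytes(4, "little")  # header only
    pe = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
    bodies = [b"BT (hello) Tj ET", zlib.compress(swf), pe]
    objs = [b"%d 0 obj\n<< /Length %d >>\nstream\n%s\nendstream\nendobj\n"
            % (n + 1, len(b), b) for n, b in enumerate(bodies)]
    return b"%PDF-1.7\n" + b"".join(objs) + b"%%EOF\n"
```

Streams that use other filters, or payloads that are obfuscated inside the document, are not reported by this check.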

Download Browser Defender for free to protect yourself against these sorts of threats.
