Adobe Flash Exploit embedded inside PDF file

We received a malicious PDF file last week. On analysis, we found that it differs from recently analysed PDF exploits. This Adobe Flash zero-day appears to be exploited in the wild. It affects Adobe Reader 9.1.2 and earlier 9.x versions, and Adobe Flash Player and earlier 9.x and 10.x versions.

Two Flash files are embedded in this PDF file. One of them, fancyball.swf, doesn't seem to do anything malicious; the other, save.swf (or oneoff.swf), uses ActionScript to do heap spraying.

The shellcode downloads and executes two executable files named SUCHOST.exe and temp.exe. Both executable files are embedded inside the PDF file itself.
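A triage sketch for the structure described above, added here as an example and not taken from the original post: it walks a PDF's stream objects, inflates FlateDecode data, and flags streams that start with an SWF signature or contain a valid MZ/PE header. The function names and the inert sample are constructed, and it assumes the payloads sit in plain or Flate-compressed streams; encoded or encrypted payloads are not handled.

```python
import re
import struct
import zlib

MAX_INFLATE = 64 * 1024 * 1024  # cap output so a decompression bomb cannot exhaust memory
# object header, dictionary (never crossing an endobj), then the stream body
STREAM_RE = re.compile(
    rb"(\d+)\s+\d+\s+obj\b((?:(?!endobj).)*?)stream\r?\n(.*?)\r?\nendstream", re.S)

def inflate(data):
    """Inflate a FlateDecode stream; tolerate truncation, fall back to raw bytes."""
    try:
        return zlib.decompressobj().decompress(data, MAX_INFLATE)
    except zlib.error:
        return data

def find_pe(buf):
    """Offsets where 'MZ' leads, via the e_lfanew field, to a 'PE\\0\\0' signature."""
    hits = []
    for m in re.finditer(rb"MZ", buf):
        field = buf[m.start() + 0x3C:m.start() + 0x40]  # e_lfanew, little-endian
        pe = m.start() + int.from_bytes(field, "little")
        if len(field) == 4 and buf[pe:pe + 4] == b"PE\x00\x00":
            hits.append(m.start())
    return hits

def scan_pdf(pdf):
    """Return [(object_number, kind, detail)] for streams carrying SWF or PE data."""
    findings = []
    for m in STREAM_RE.finditer(pdf):
        obj, dictionary, body = int(m.group(1)), m.group(2), m.group(3)
        body = inflate(body) if b"FlateDecode" in dictionary else body
        if body[:3] in (b"FWS", b"CWS") and len(body) >= 8:
            version, declared = struct.unpack_from("<BI", body, 3)  # SWF header fields
            findings.append((obj, "swf", f"v{version}, {declared} bytes declared"))
        for off in find_pe(body):
            findings.append((obj, "pe", f"MZ/PE header at stream offset {off}"))
    return findings

def _obj(num, body):  # builds one constructed, inert stream object for the sample
    data = zlib.compress(body)
    return b"%d 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n%s\nendstream\nendobj\n" % (num, len(data), data)

SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"  # constructed input
          + _obj(2, b"CWS\x09" + struct.pack("<I", 1234) + b"\x00" * 16)
          + _obj(3, b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00")
          + _obj(4, b"plain text with MZ but no PE header" + b"\x00" * 0x40))
if __name__ == "__main__": print(scan_pdf(SAMPLE))
```

The stream regex ignores `/Length` and other filters (ASCIIHex, LZW, chained filters), so treat an empty result as "nothing found in Flate or raw streams", not as a clean verdict.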

Download Browser Defender for free to protect yourself against these sorts of threats.


One Response to Adobe Flash Exploit embedded inside PDF file

  1. wtf? says:

    Pls help, I removed Browser Defender but I can't remove “http://www.search-results.com”. This site is always up in the address bar.
