“util.printf()” Another Exploited PDF In-The-Wild?
There is a constant, recurring attack on PDFs (others say Trojanized PDFs), specifically exploiting the “Collab.collectEmailInfo()” function and misusing the “mailto” URI [further reading]. Although Adobe has already released a patch and security researchers have raised awareness, it seems there is still much higher value in continuing to serve these threats.
This time another strain joins the group: CoreSecurity disclosed last Nov 4 that PDFs are again vulnerable, due to a JavaScript “util.printf()” buffer overflow. A day after, a PoC (proof of concept) was immediately published and became available; there were 2 posts which, judging by the hits, gained immediate attention in the community (for sure, from both blackhats and whitehats) [Refer milw0rm].
I immediately took a look at the PoC and verified how this BoF (buffer overflow) works, ‘coz I was thinking this is something to watch for … possibly one of these days, we’ll see another exploited PDF in-the-wild.
Today, it’s confirmed … I just verified an exploited PDF attacking this latest vulnerability and carrying a malicious payload.
Make sure to apply proper security measures to avoid infection. [Refer Adobe Security Update]
