Good Day for an 0-Day

We came across a fantastic video last week that two local NoVA infosec pros put together demonstrating a simple exploit against Adobe Acrobat and Reader XI. In the video Kris and Alice show opening an “infected” PDF from within a web browser and as a file on their desktop. In their demonstrations after they close the document, the exploit runs its payload. In this case the payload simply invokes the Windows Calculator however someone with a more nefarious mind could execute almost anything they want (e.g., installing a key logger, backdoor, botnet, etc.). The important thing to note here is that Kris and Alice are using the latest version of the Adobe products, both of which include their new “super” sandbox. I haven’t followed it closely but I’m guessing (hoping) Adobe has patched this vulnerability by now.

#####

Do you know if this vulnerability patched yet? Let us know in the comments below. Today’s post pic is from DiscoverSkills.com. See ya!

3 comments for “Good Day for an 0-Day

  1. November 20, 2012 at 10:52 pm

    #NOVABLOGGER: Good Day for an 0-Day http://t.co/QdS3416d http://t.co/IntXkFbO

  2. November 21, 2012 at 1:47 am

    BLOGGED: Good Day for an 0-Day http://t.co/MasWY1rO

  3. November 21, 2012 at 10:30 am

    “@grecs: BLOGGED: Good Day for an 0-Day http://t.co/K31bDVkS #adobe0day” < let’s get them #Invincea and redo the exploit.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.