ExtremeHacking
Today : | Time : | safemode : ON
> / Main Website / Cyber Surakha Abhiyan / Hackers Charity / Linkedin / facebook / twitter /
Name Author Perms Com Modified Label

New Adobe Reader Zero-Day Vulnerability spotted in the wild Unknown rwxr-xr-x 0 2/14/2013

Filename New Adobe Reader Zero-Day Vulnerability spotted in the wild
Permission rw-r--r--
Author Unknown
Date and Time 2/14/2013
Label
Action
Ethical Hacking Institute in Pune
./Arizona Team

FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild. The zero-day vulnerability is in Adobe PDF Reader 9.5.3, 10.1.5, 11.0.1 and earlier versions.

According to researchers, once malware takes advantage of the flaw, its payload drops two dynamic-link libraries, or DLLs, which are application extensions used by executable files to perform a task. In this case, they allow the infected computer to communicate with a hacker-owned server.



 Ethical Hacking Institute in Pune | CEH | CHFI | ECSA | Ethical Hacking Courses in Pune



















 






No additional details about the zero-day vulnerabilities have been publicly released, and but researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox.

"We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files," said FireEye team.

But until the vulnerability gets patched, FireEye recommended that users avoid opening any PDF files of unknown origin. Instead of waiting for Adobe to act, you should probably switch to a different PDF reader. There are numerous free, open-source PDF readers.

Adobe's David Lenoe said in a post, "Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information."

www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN Pune


 

Cyber Suraksha Abhiyan | Sadik Shaikh © 2015 Sadik Shaikh | CEH V9 | ETHICAL HACKING Course Training Institute in India-Pune
Extreme Hacking Template design by Sadik Shaikh | Cyber Suraksha Abhiyan