We got hold of an exploit targeting the vulnerability Adobe reported in its most recent security advisory.
The exploit, detected as TROJ_ADOBFP.B (now detected as TROJ_ADOBFP.SM), takes advantage of the referenced vulnerability to drop another malicious file detected as TROJ_DROPPER.ADO.
TROJ_ADOBFP.B arrives on users’ systems as a malicious .SWF file embedded in an .XLS file. The .SWF file contains the exploit code. TROJ_DROPPER.ADO, in turn, drops another malicious file detected as BKDR_COSMU.KO. BKDR_COSMU.KO connects to a URL to execute certain commands. It also retrieves information from the affected system, such as drive information, the OS, file and directory lists, and a list of existing processes and services.
The vulnerability related to this threat affects the following software and their corresponding versions:
- Adobe Flash Player 10.2.152.33 for Windows, Macintosh, Linux, and Solaris OSs
- Adobe Flash Player 10.1.106.16 and earlier versions for Android
- Adobe Reader and Acrobat X (10.0.1) for Windows and Macintosh OSs (specifically the Authplay.dll component)
Adobe posted a schedule for the release of security updates that will address this vulnerability. All affected versions, except Adobe Reader X, will be patched on March 21. The update for Adobe Reader X will be released on June 14. Until the updates are released, users are advised to be extra careful, especially when dealing with .XLS files coming from unknown users.
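A triage check for the delivery method described above (an .SWF embedded in an .XLS), as an added example that is not from the original post or from Trend Micro. It scans an OLE2 compound file for plausible SWF headers; the version and length bounds, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .xls/.doc/.ppt
MAX_SWF_VERSION = 50  # assumption: generous upper bound used only for triage
MIN_SWF_LENGTH = 21   # assumption: smallest declared length worth reporting


def find_embedded_swf(data: bytes):
    """Return (offset, signature, version, declared_length) per plausible SWF header."""
    hits = []
    for sig in (b"FWS", b"CWS"):  # uncompressed and zlib-compressed SWF
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 10]
            if len(header) == 10:
                version = header[3]
                (length,) = struct.unpack_from("<I", header, 4)
                ok = 1 <= version <= MAX_SWF_VERSION and length >= MIN_SWF_LENGTH
                if ok and sig == b"CWS":
                    # The compressed body must open with a valid zlib header.
                    cmf, flg = header[8], header[9]
                    ok = (cmf & 0x0F) == 8 and ((cmf << 8) | flg) % 31 == 0
                if ok:
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def triage(data: bytes) -> str:
    """Classify a file: a hit means Flash content is present, not that it is malicious."""
    if data[:8] != OLE2_MAGIC:
        return "not-ole2"
    return "ole2-with-swf" if find_embedded_swf(data) else "ole2-clean"


def build_sample() -> bytes:
    """Constructed test input: fake OLE2 header, decoy text, then a CWS header."""
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 4096) + zlib.compress(b"\x00" * 64)
    return OLE2_MAGIC + b"\x00" * 504 + b"noise CWSxyz1234567" + swf


if __name__ == "__main__":
    sample = build_sample()
    print(triage(sample), find_embedded_swf(sample))
```

Streams inside a compound file can be split across sectors, so the check validates only the 8-byte SWF header and the first two bytes after it rather than carving the whole object. Spreadsheets flagged this way are candidates for quarantine or sandbox analysis at a mail gateway.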
Post from: TrendLabs | Malware Blog – by Trend Micro
Excel File Containing Adobe Zero-Day Exploit Found

Posted on 18 March 2011. Tags: Adobe, Containing, Excel, Exploit, File, Found, ZeroDay
The above information is reprinted from and copyrighted © by Trend Micro.