CVE-2010-0188: Patched Adobe Reader Vulnerability is Actively Exploited in the Wild
mmpc2
8 Mar 2010 10:30 PM
While recently analyzing a malicious PDF file, I noticed that the sample exploited a vulnerability I had never encountered before. After a bit of research I concluded that this specific sample exploits CVE-2010-0188. This is a fresh vulnerability, information about which was only published this February. It is described as possibly leading to arbitrary code execution, which is exactly what happens here.
When the PDF file is loaded, Adobe Reader opens and then closes, while an executable file named a.exe is dropped directly onto the C:\ drive. The dropped executable, which is actually embedded in the PDF file, tries to connect to a .biz-registered domain to download other files. JavaScript is again used to successfully exploit this vulnerability, so disabling it for unknown documents might be a good idea.
We currently detect the malicious file as Exploit:Win32/Pidief.AX (SHA1: 908ae499a474e3006253417c658e055a633e75a1) and the dropped malware as TrojanDownloader:Win32/Qaantiz.A.
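The two traits described above, a JavaScript action plus an executable embedded in the PDF, can be turned into a first static triage check. This is an added example, not MMPC's code or its detection logic; the PDF fragments and PE stub are constructed stand-ins rather than the real sample, and the only real-file match it can confirm is the SHA1 quoted in the post.

```python
import hashlib
import re
import zlib

# SHA1 of the Exploit:Win32/Pidief.AX sample quoted in the post.
PIDIEF_AX_SHA1 = "908ae499a474e3006253417c658e055a633e75a1"

# Constructed stand-ins, not real malware: /JavaScript hidden behind #xx name
# escapes with a raw PE stub; the same stub FlateDecode-compressed; a clean file.
PE_STUB = b"MZ\x90\x00\x03\x00\x00\x00PE\x00\x00"
OBFUSCATED_PDF = (
    b"%PDF-1.6\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /#4Aava#53cript /J#53 (app.alert(1)) >> endobj\n"
    b"3 0 obj << /Type /EmbeddedFile >> stream\n" + PE_STUB + b"\nendstream endobj\n"
)
COMPRESSED_PDF = (
    b"%PDF-1.6\n2 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n"
    b"3 0 obj << /Type /EmbeddedFile /Filter /FlateDecode >> stream\n"
    + zlib.compress(PE_STUB) + b"\nendstream endobj\n"
)
BENIGN_PDF = b"%PDF-1.4\n4 0 obj << /Length 11 >> stream\nHello world\nendstream endobj\n"

def decode_pdf_names(data: bytes) -> bytes:
    """Resolve #xx escapes in PDF names (/#4Aava#53cript -> /JavaScript)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def stream_bodies(data: bytes):
    """Yield each stream body, inflated when it is a zlib (FlateDecode) stream."""
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        body = m.group(1)
        try:
            inflated = zlib.decompressobj().decompress(body)
        except zlib.error:  # not zlib data: keep the raw body
            inflated = b""
        yield inflated or body

def triage_pdf(data: bytes) -> dict:
    """Flag the traits the post describes: JavaScript plus an embedded executable.
    Names are decoded before matching; streams are scanned raw so the decoder
    does not mangle binary content."""
    names = decode_pdf_names(data)
    report = {
        "sha1": hashlib.sha1(data).hexdigest(),
        "has_javascript": re.search(rb"/(JavaScript|JS)\b", names) is not None,
        "has_embedded_file": b"/EmbeddedFile" in names,
        "has_pe_payload": any(b.lstrip().startswith(b"MZ") for b in stream_bodies(data)),
    }
    report["known_sample"] = report["sha1"] == PIDIEF_AX_SHA1
    report["verdict"] = "suspicious" if report["has_javascript"] and (
        report["has_pe_payload"] or report["has_embedded_file"]) else "clean"
    return report
```

Payloads encoded with other filters or custom XOR layers will not be recovered by the inflate step, so a "clean" verdict here only means these particular traits were not found.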
Fortunately, Adobe has released an update to address the vulnerability, which is offered automatically to all users. Read Adobe's security bulletin here and upgrade to the latest version of Adobe Reader and Acrobat. Users can pull down the 'Help' menu and click 'Check for Updates' to ensure that they're running the latest version.
As good practice, we advise every user to always update their programs as well as their operating system. We also advise users not to open files whose origins they don't trust.
Marian Radu
MMPC Dublin