Threat Research & Response Blog
1. The PDF

The PDF file contains four malicious components:
2. The shellcode

The shellcode reads data from the PDF stream, decrypts it into a PE file that it writes to disk, and then executes that file (as shown in Figure 1).
Figure 1: Decrypting the PE file
Stay safe with protection for this exploit and the threats leveraging it, and don’t forget to apply the update released today by Adobe (APSB10-18 - http://www.adobe.com/support/security/bulletins/apsb10-28.html).