New year brings new PDF vulnerabilities

While the world was ringing in the New Year, hackers were creating new ways to exploit unpatched vulnerabilities in PDF documents, according to Internet Storm researcher Bohan Zdrnja.

In a blog post this week, Zdrnja detailed a new JavaScript exploit that can be hidden in PDF files and that targets a widely documented PDF vulnerability. The post describes Zdrnja’s test of a suspicious PDF document sent in by one of the blog’s readers. In his analysis, Zdrnja noted that the document was exploiting the CVE-2009-4324 vulnerability.

Zdrnja states, ‘This can easily be seen in the included JavaScript in the PDF document,’ despite a horrible detection rate (6 out of 40) among the anti-virus vendors Zdrnja submitted it to.

In his blog post, Zdrnja noted that the exploited PDF document, once infected, contains ‘everything it needs to fully exploit the victim’s machine — it does not have to download anything off the Net.’ Later in the post he states, ‘If we are to judge the new year by the sophistication the attackers started using, it does not look too good.’

In late December, McAfee also released its Threat Predictions report, which can be downloaded in full here, and predicted that Adobe’s products will be increasingly targeted by cybercriminals because their usage is so widespread. In its report, McAfee Labs also asserted that exploitation of Adobe’s products has the capacity to surpass that of MS Office programs in 2010.

In a section titled, ‘Malware Writers Love Adobe, Microsoft Products,’ the report states:

In 2009 McAfee Labs saw an increase in attacks targeting client software. The favorite vector among attackers is Adobe products, primarily Flash and Acrobat Reader. Using ‘heap spray-like’ and other exploitation techniques, malware writers have turned Adobe apps into a hot target. Further, Flash and Reader are among the most widely deployed applications in the world, which provides a higher return on investment to cybercriminals. Based on the current trends, we expect that in 2010 Adobe product exploitation is likely to surpass that of Microsoft Office applications in the number of desktop PCs being attacked.

For its part, Adobe’s director of product security and privacy, Brad Arkin, in a blog post published in mid-December, listed January 12th as the target ship date for the update ‘to remediate vulnerability CVE-2009-4324.’ The full blog post can be found here.


About the Author: Nettie Hartsock
