Group-IB, a Russian cybercrime investigation company, has discovered a zero-day vulnerability that affects Adobe Reader X and Adobe Reader XI. The vulnerability has also been incorporated into a new, modified version of the Blackhole Exploit Kit, which is used to distribute banking Trojans (Zeus, SpyEye, Carberp, Citadel) by exploiting various vulnerabilities in client-side software.
The exploit is being offered on underground forums for as much as $50,000, and the bug is dangerous because it lets cybercriminals run arbitrary shellcode by bypassing the sandbox integrated into the more recent versions of Adobe Reader.
For now the flaw is circulating only in small circles of the underground, but it has the potential to enable much broader post-exploitation.
The exploit is limited to Microsoft Windows installations of Adobe Reader, and it cannot be fully executed until the user closes the Web browser (or Reader). Adobe representatives said they were not aware of the issue. If Group-IB's discovery is confirmed and Adobe patches it, it would end the software maker's two-year run of zero real-world attacks against the sandboxed versions of Reader.
A proof-of-concept (PoC) video was posted on YouTube by Group-IB: