
Adobe Reader zero-day vulnerability with modified Blackhole Exploit-Kit

Group-IB, a Russian cybercrime investigation company, has discovered a zero-day vulnerability that affects Adobe Reader X and Adobe Reader XI. The vulnerability is also included in a new modified version of the Blackhole Exploit-Kit, which is used to distribute banking Trojans (Zeus, Spyeye, Carberp, Citadel) by exploiting different vulnerabilities in client-side software.

The exploit is available in underground forums for as much as $50,000, and the bug is dangerous because it permits cybercriminals to run arbitrary shellcode by bypassing the sandbox feature integrated into the more recent versions of Adobe Reader.

For now this flaw is distributed only in small circles of the underground, but it has the potential for much larger post-exploitation methods.

The exploit is limited to Microsoft Windows installations of Adobe Reader, and it can’t be fully executed until the user closes his Web browser (or Reader). Adobe representatives said that they were not aware of the issue. If Group-IB’s discovery is confirmed and Adobe patches it, it would end the software maker’s two-year run of zero real attacks against the sandboxed versions of Reader.

Proof-of-concept (PoC) video demonstration on YouTube by Group-IB:
