Welcome Stranger to OCC!Login | Register

New Zero-Day Exploit Found Able To Penetrate Adobe Reader

Category: Bugs / Virus
Posted: 06:12PM

Russian security firm Group-IB say that it has found a new vulnerability in the Adobe X platform, which allows hackers  to execute shellcode commands within the internal sandbox. The vulnerability is being viewed as very dangerous as it easily allows hackers to spread banking Trojans like Zeus, Spyeye, Carberp, and Citadel with the help of other exploits in client-side software. However, Andrey Komarov, the Head of International Projects Department of Group-IB, reports that the exploit has its limitations. The only way the exploit could be successful is if the user were to close his or her browser and restart it. Another common method by hackers being used is organizing interaction between the victim and the malformed PDF-document. Regardless, this new vulnerability is gaining popularity due to their being no previous method of bypassing the Adobe X sandbox with shellcode execution.
The new vulnerability is reportedly being traded on the black market for roughly $30,000 to $50,000. So far, reports of usage are low due to trading among small circles of underground hackers, but it could have the potential of becoming widely distributed and used.

Register as a member to subscribe comments.
venomoc on November 10, 2012 05:15AM
Could use this as an example in my upcoming comp security exam, props to Russian hackers.
Guest comment
Gilma on November 16, 2012 09:58PM
Why is there no way to go back from the dev cnaehnl into the beta cnaehnl? Can you please fix that?I have tried doing it from the about menu and the change to cnaehnl is saved but the beta version is not being downloaded and i remain with the buggy dev version.There is no mention that it is impossible to switch back when you choose the dev cnaehnl

© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.1034240723   (xlweb1)