Content

Exploit-PDF.b

Type
Trojan
SubType
Exploit
Discovery Date
02/10/2008
Length
Varies
Minimum DAT
5227 (02/11/2008)
Updated DAT
5296 (05/15/2008)
Minimum Engine
5.1.00
Description Added
02/10/2008
Description Modified
02/11/2008 11:01 PM (PT)
Risk Assessment
Corporate User
Low-Profiled
Home User
Low-Profiled

Tab Navigation

Characteristics

-- Update February 11, 2008 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9061938&intsrc=news_ts_head

--

These maliciously crafted PDF files exploits a buffer overflow vulnerability in Adobe Reader which is recently patched in version 8.1.2.

More information on the patch from the vendor at:

When successful, some variants may download further malware from the following domain(s):

  • 85.17.221.xx

Symptoms

  • Unexpected network connections from the Adobe Reader
  • In some cases, Adobe Reader crashes or terminates abnormally.

 

Method of Infection

These maliciously crafted PDF files exploits a buffer overflow vulnerability in Adobe Reader 8.1.1 or older.

 

Removal

All Users:
Use specified engine and DAT files for detection.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the current engine and the specified DATs (or higher). Older engines may not be able to remove all registry keys created by this threat.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

-- Update February 11, 2008 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9061938&intsrc=news_ts_head

--

This detection covers maliciously crafted PDF files which attempts to exploit a buffer overflow vulnerability in Adobe Reader which is recently patched in version 8.1.2.

 

 

 

Aliases

  • EXPL_PIDIEF.O (TrendMicro)
  • Trojan.Pidief.C (Symantec)

Characteristics

Characteristics -

-- Update February 11, 2008 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9061938&intsrc=news_ts_head

--

These maliciously crafted PDF files exploits a buffer overflow vulnerability in Adobe Reader which is recently patched in version 8.1.2.

More information on the patch from the vendor at:

When successful, some variants may download further malware from the following domain(s):

  • 85.17.221.xx

Symptoms

Symptoms -

  • Unexpected network connections from the Adobe Reader
  • In some cases, Adobe Reader crashes or terminates abnormally.

 

Method of Infection

Method of Infection -

These maliciously crafted PDF files exploits a buffer overflow vulnerability in Adobe Reader 8.1.1 or older.

 

Removal -

Removal -

All Users:
Use specified engine and DAT files for detection.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the current engine and the specified DATs (or higher). Older engines may not be able to remove all registry keys created by this threat.

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A