Exploit.JS.PDF.D
MEDIUM
VERY LOW
2 to 4Kb
Symptoms
There are no visible symptoms of the attack. However, opening a specially crafted PDF file that contains the exploit exposes the user to arbitrary code execution.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Lita Catalin, virus researcher
Technical Description:
Exploits a buffer overflow vulnerability in the Adobe PDF reader JavaScript engine by passing parameters to the "Collab.collectEmailInfo()" function and then executing a specific shellcode.
For instance, this shellcode may be able to download and execute an arbitrary piece of malware. Preliminary analysis shows that the exploit attempts to download a malicious file from various URLs such as http://beau[removed]fic.biz/order/getexe.php?h=32. The downloaded executable might subsequently install other types of malware on the compromised computer.
The vulnerability affects versions of Adobe Reader older than 7.1 or 8.1.2.
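A triage check for the technique described above, as an added example that is not BitDefender's detection logic: it flags PDF files that carry JavaScript actions and reference the collectEmailInfo call, either in the clear or inside Flate-compressed streams. The function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

# Function name taken from the technical description above.
MARKER = b"collectEmailInfo"
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_names(data: bytes) -> bytes:
    """Undo the #xx hex escapes PDF allows inside names (/J#61vaScript)."""
    return NAME_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate(raw: bytes) -> bytes:
    """Return the inflated stream body, or b'' if it is not zlib data."""
    try:
        return zlib.decompressobj().decompress(raw)
    except zlib.error:
        return b""


def triage_pdf(data: bytes) -> dict:
    """Report script actions and references to the call, raw or deflated."""
    plain = decode_names(data)
    bodies = [inflate(m.group(1)) for m in STREAM_RE.finditer(data)]
    return {
        "has_javascript": b"/JavaScript" in plain or b"/JS" in plain,
        "marker_in_plain": MARKER in data,
        "marker_in_stream": any(MARKER in body for body in bodies),
    }


def build_sample(compress: bool) -> bytes:
    """Constructed, inert sample: the script is only a comment naming the call."""
    script = b"// inert test string: Collab.collectEmailInfo"
    body = zlib.compress(script) if compress else script
    return (b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Length " + str(len(body)).encode() + b" >>\nstream\n"
            + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for compressed in (False, True):
        print(compressed, triage_pdf(build_sample(compressed)))
```

A hit is an indicator for further analysis, not a verdict; the check covers only unencrypted files and Flate-compressed streams.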