Exploit.JS.PDF.D

MEDIUM
VERY LOW
2 to 4Kb

Symptoms



There are no visible symptoms of the attack. However, opening a specially crafted PDF file that contains the exploit would expose the user to arbitrary code execution.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Lita Catalin, virus researcher

Technical Description:



Exploits a buffer overflow vulnerability in the Adobe PDF reader JavaScript engine by passing parameters to the "Collab.collectEmailInfo()" function and then executing a specific shellcode.

For instance, the mentioned shellcode may be able to download and execute an arbitrary piece of malware. Preliminary analysis shows that the exploit attempts to download a malicious file from miscellaneous URLs such as http://beau[removed]fic.biz/order/getexe.php?h=32. The downloaded executable might subsequently install other types of malware on the compromised computer.

The vulnerability affects versions of Adobe Reader older than 7.1 or 8.1.2.
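
A defensive triage sketch for the behaviour described above, added here as an example and not Bitdefender's detection logic: it searches a PDF's raw bytes and its Flate-compressed streams for a reference to `Collab.collectEmailInfo`. The sample documents and the helper names (`scan_pdf`, `build_sample`) are constructed for illustration; other stream filters and obfuscated script are not handled.

```python
import re
import zlib

# Acrobat JavaScript method named in the technical description.
MARKER = re.compile(rb"Collab\s*\.\s*collectEmailInfo")
# Body of a PDF stream object: "stream<EOL> ... endstream".
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.S)


def inflate(data):
    """Return zlib-inflated bytes, or None if data is not Flate-encoded."""
    try:
        # decompressobj tolerates a stream whose last byte was trimmed as an EOL.
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None


def scan_pdf(pdf_bytes):
    """Return (location, offset) pairs for every reference to the method."""
    hits = [("raw", m.start()) for m in MARKER.finditer(pdf_bytes)]
    for i, s in enumerate(STREAM.finditer(pdf_bytes)):
        body = inflate(s.group(1))
        if body:
            hits += [(f"stream#{i}", m.start()) for m in MARKER.finditer(body)]
    return hits


def build_sample(js, compress):
    """Constructed minimal PDF-like document carrying one JavaScript stream."""
    payload = zlib.compress(js) if compress else js
    filt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< " + filt + b"/Length " + str(len(payload)).encode()
            + b" >>\nstream\n" + payload + b"\nendstream\nendobj\n%%EOF\n")


# Constructed, harmless scripts: the method is only named, nothing is overflowed.
SUSPECT_JS = b"var a = 'x'; Collab.collectEmailInfo(a);"
BENIGN_JS = b"app.alert('hello');"

if __name__ == "__main__":
    for name, js, z in [("plain", SUSPECT_JS, False),
                        ("flate", SUSPECT_JS, True),
                        ("benign", BENIGN_JS, True)]:
        print(name, scan_pdf(build_sample(js, z)))
```

A hit only shows that the document's script references the method; it is a reason to quarantine the file and inspect it, not proof of exploitation.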