BitDefender Antivirus

Exploit.JS.PDF.D

Spreading: medium
Damage: very low
Size: 2 to 4Kb
Discovered: 2008 Oct 01

SYMPTOMS:

There are no visible symptoms of the attack. However, opening a specially crafted PDF file with the included exploit would make the user vulnerable to arbitrary code execution.

TECHNICAL DESCRIPTION:

Exploits a buffer overflow vulnerability in the JavaScript engine of Adobe's PDF reader by passing parameters to the "Collab.collectEmailInfo()" function and then executing a specific shellcode.

For instance, the mentioned shellcode may be able to download and execute an arbitrary piece of malware. Preliminary analysis shows that the exploit attempts to download a malicious file from various URLs such as http://beau[removed]fic.biz/order/getexe.php?h=32. The downloaded executable might subsequently install other types of malware on the compromised computer.

The vulnerability affects versions of Adobe Reader older than 7.1 or 8.1.2.
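
Added example (not BitDefender's code or detection logic): a Python triage check that inflates the Flate-compressed streams of a PDF and reports whether the file declares JavaScript and references the "Collab.collectEmailInfo" method named above. The function names and the sample PDF bytes are constructed for illustration.

```python
import re
import zlib

# Name of the Acrobat JavaScript method this advisory says the exploit calls.
TARGET = b"Collab.collectEmailInfo"
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes in PDF names, so /J#61vaScript reads /JavaScript."""
    return HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def candidate_buffers(pdf: bytes):
    """Yield the raw file, then every stream body that inflates with zlib."""
    yield "raw", pdf
    for i, m in enumerate(STREAM_RE.finditer(pdf)):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            yield f"stream{i}", zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data; its raw bytes were already searched


def triage(pdf: bytes) -> dict:
    """Report whether the file declares JavaScript and where TARGET appears."""
    hits = [name for name, buf in candidate_buffers(pdf) if TARGET in buf]
    names = decode_names(pdf)
    has_js = b"/JavaScript" in names or b"/JS" in names
    return {"has_javascript": has_js, "target_in": hits,
            "suspicious": has_js and bool(hits)}


def build_sample(script: bytes) -> bytes:
    """Constructed, harmless PDF-like bytes: one action and one Flate stream."""
    body = zlib.compress(script)
    return (b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    # Constructed inputs: the first only names the method, the second does not.
    flagged = build_sample(b'Collab.collectEmailInfo({msg: "constructed"});')
    clean = build_sample(b'app.alert("constructed");')
    print(triage(flagged))
    print(triage(clean))
```

A literal match misses scripts that assemble the method name at run time, so a clean result is not a verdict.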

REMOVAL INSTRUCTIONS:

Please let BitDefender disinfect your files.

ANALYZED BY:

Lita Catalin, virus researcher