My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

PDF:Exploit.CVE-2013-5065.A

VERY LOW
LOW
approx. 1.7KB

Symptoms

Adobe Reader crashes when trying to open a PDF document.

Removal instructions:

Please let Bitdefender disinfect your files.

Analyzed By

Octavian-Mihai Minea, virus researcher

Technical Description:

This is a detection for malicious PDF files which exploit the CVE-2013-5065 local privilege escalation vulnerability (https://technet.microsoft.com/en-us/security/advisory/2914486) found in the Microsoft Windows NDProxy driver, that could allow attackers to run code in Kernel mode. The vulnerable systems are the running Windows XP or Windows Server 2003.

A successful attempt of exploiting this vulnerability allows an attacker to execute malicious code with elevated privileges on a user's computer. Therefore the attacker may have full access to the user's private data, installed programs and be able to install or run any malicious program.

This exploit is used in this case with the CVE-2013-3346 Adobe Reader vulnerability exploit in order to deploy the malicious shellcode. However, this technique is inefficient if the users have the latest Adobe Reader version.

The current attack is used to install a malware detected by Bitdefender with Gen:Trojan.Heur.FU.ku3@aSHWAmji.