Skip to main content

Adobe PDF exploit

e are seeing users get infected with Trojan.Zonebac (opens in new tab), which can only mean successful exploitation by one of the current Adobe PDF vulnerabilities (opens in new tab) (we know of at least one vulnerability that is apparently being used in malicious banner advertisements). It’s likely not epidemic, but there has been an uptick.

Unlike earlier reports, this issue is now known to affect practically the entire population of Adobe users who aren’t running version 8.1.2. The following list from our friends at Symantec’s Deepsight (opens in new tab)is elucidating:

Vulnerable Systems
Adobe Acrobat 3D
Adobe Acrobat Professional 7.0.0
Adobe Acrobat Professional 7.0.1
Adobe Acrobat Professional 7.0.2
Adobe Acrobat Professional 7.0.3
Adobe Acrobat Professional 7.0.4
Adobe Acrobat Professional 7.0.5
Adobe Acrobat Professional 7.0.6
Adobe Acrobat Professional 7.0.7
Adobe Acrobat Professional 7.0.8
Adobe Acrobat Professional 8.0
Adobe Acrobat Professional 8.1
Adobe Acrobat Professional 8.1.1
Adobe Acrobat Reader 3.0.0
Adobe Acrobat Reader 4.0.0
Adobe Acrobat Reader 4.0.0 5
Adobe Acrobat Reader 4.0.0 5c
Adobe Acrobat Reader 4.0.5 A
Adobe Acrobat Reader 5.0.0
Adobe Acrobat Reader 5.0.10
Adobe Acrobat Reader 5.0.5
Adobe Acrobat Reader 5.1.0
Adobe Acrobat Reader 6.0.0
Adobe Acrobat Reader 6.0.1
Adobe Acrobat Reader 6.0.2
Adobe Acrobat Reader 6.0.3
Adobe Acrobat Reader 6.0.4
Adobe Acrobat Reader 7.0.0
Adobe Acrobat Reader 7.0.1
Adobe Acrobat Reader 7.0.2
Adobe Acrobat Reader 7.0.3
Adobe Acrobat Reader 7.0.4
Adobe Acrobat Reader 7.0.5
Adobe Acrobat Reader 7.0.6
Adobe Acrobat Reader 7.0.7
Adobe Acrobat Reader 7.0.8
Adobe Acrobat Reader 7.0.9
Adobe Acrobat Reader 8.0
Adobe Acrobat Reader 8.1
Adobe Acrobat Reader 8.1.1
Adobe Acrobat Standard 8.1.1

Non-Vulnerable Systems
Adobe Acrobat Professional 8.1.2
Adobe Acrobat Reader 8.1.2
Adobe Acrobat Standard 8.1.2

The one exploit we believe to be used in banner ads is very nasty one, which provides a wide open path to install the trojan on a user’s PC. Plenty of people have already reported on this thing (opens in new tab), so I won’t bother to rehash what’s already out there.

But my advise is to update Adobe URGENTLY. Or get the FoxIt reader (opens in new tab). This is a serious issue.

Alex is a technology CEO, with leadership, operating partner, investor, and board member roles at security firms including AutoLoop, Borland, Quarterdeck (now Symantec and Cisco WebEx), GFI/TeamViewer, Sunbelt Software (now ThreatTrack Security), BlueStripe Software, StopBadware, Knowbe4, Malwarebytes, and Runaware Holding AB. When CEO of Sunbelt he ran a security blog, and he still writes on security.