Exploit.JS.PDF.D
First posted on 21 November 2011.
Source: BitDefender
Aliases:
There are no other names known for Exploit.JS.PDF.D.
Explanation:
Exploits a buffer overflow vulnerability in the Adobe PDF reader JavaScript engine by passing parameters to the "Collab.collectEmailInfo()" function and then executing specific shellcode.
For instance, the mentioned shellcode may be able to download and execute an arbitrary piece of malware. Preliminary analysis shows that the exploit attempts to download a malicious file from miscellaneous URLs such as http://beau[removed]fic.biz/order/getexe.php?h=32. The downloaded executable might subsequently install other types of malware on the compromised computer.
The vulnerability affects versions of Adobe Reader older than 7.1 or 8.1.2.
Last update 21 November 2011
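A triage check for the pattern described in the explanation, as an added example that is not BitDefender's detection logic: it inflates Flate-compressed PDF streams and counts calls to `Collab.collectEmailInfo` in documents that declare JavaScript. All function names and the sample builder are constructed for illustration, and script that assembles the call at run time (string building, `eval`) will not be matched by a plain-text search like this one.

```python
import re
import zlib

# API named in the advisory; whitespace-tolerant, case-sensitive like JavaScript.
SUSPECT_CALL = re.compile(rb"Collab\s*\.\s*collectEmailInfo\s*\(")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
JS_NAME = re.compile(rb"/(?:JavaScript|JS)\b")

def decode_name_escapes(data: bytes) -> bytes:
    """Undo PDF name '#xx' escapes (e.g. /J#61vaScript) that hide keywords."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def candidate_buffers(pdf: bytes):
    """Yield the file without stream bodies, then each body (inflated if zlib)."""
    yield STREAM.sub(b"stream\nendstream", pdf)
    for m in STREAM.finditer(pdf):
        body = m.group(1)
        try:
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body  # not Flate data: scan the bytes as stored

def scan_pdf(pdf: bytes) -> dict:
    """Report whether a PDF declares JavaScript and calls the flagged API."""
    has_js = bool(JS_NAME.search(decode_name_escapes(pdf)))
    calls = sum(len(SUSPECT_CALL.findall(b)) for b in candidate_buffers(pdf))
    return {"has_javascript": has_js, "calls": calls,
            "suspicious": has_js and calls > 0}

def build_sample(js: bytes, compress: bool = True) -> bytes:
    """Constructed input: minimal PDF-like bytes with one JavaScript stream."""
    body = zlib.compress(js) if compress else js
    filt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< " + filt + b"/Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    # Constructed, harmless script text: it only names the API the page mentions.
    sample = build_sample(b'Collab.collectEmailInfo({msg: "constructed sample"});')
    print(scan_pdf(sample))
```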