
Exploit:JS/Pdfka.TI


First posted on 28 September 2009.
Source: SecurityHome

Aliases:

There are no other names known for Exploit:JS/Pdfka.TI.

Explanation:

A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.

Additional Details

Exploit:JS/Pdfka.TI is an exploit that can take advantage of two vulnerabilities in a single PDF file in order to download malicious binary files (usually Trojan-Downloader:W32/Bredolab variants) onto the system.

The vulnerabilities exploited are:

  • Collab.collectEmailInfo() JavaScript Overflow (CVE-2007-5659)
  • Util.printf() JavaScript Overflow (CVE-2008-2992)

Adobe Reader and Acrobat versions 8.1.2 and earlier are affected by the vulnerabilities exploited by this malware.
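Both vulnerabilities are reached through JavaScript embedded in the PDF, so a defender triaging a suspicious document can look for the two API names the page lists inside the file's JavaScript objects, including inside FlateDecode-compressed streams. The scanner below is an added example, not code from the original page or from SecurityHome; the sample PDFs it builds are constructed test input, the JavaScript in them only names the APIs with harmless arguments, and the function and variable names are this example's own.

```python
import re
import zlib

# Indicators taken from the page: the two JavaScript APIs this exploit abuses.
# Matched case-insensitively because the page writes "Util.printf" while the
# Acrobat JavaScript object is spelled "util".
INDICATORS = {
    "Collab.collectEmailInfo": re.compile(rb"Collab\.collectEmailInfo", re.IGNORECASE),  # CVE-2007-5659
    "util.printf": re.compile(rb"util\.printf", re.IGNORECASE),                          # CVE-2008-2992
}

# Body of every "stream ... endstream" object in the file.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# /JS or /JavaScript keys mark objects that carry script.
JS_KEY_RE = re.compile(rb"/(JS|JavaScript)\b")


def extract_stream_bodies(pdf_bytes):
    """Return each stream body, inflating it when it is zlib/FlateDecode data."""
    bodies = []
    for m in STREAM_RE.finditer(pdf_bytes):
        body = m.group(1)
        try:
            body = zlib.decompress(body)
        except zlib.error:
            pass  # not Flate-compressed (or damaged): scan the raw bytes as-is
        bodies.append(body)
    return bodies


def scan_pdf(pdf_bytes):
    """Look for the exploit's API names in the raw file and in inflated streams.

    Returns a dict with: has_javascript (file carries /JS or /JavaScript),
    indicators (sorted names found) and suspicious (both APIs present, which is
    the combination the page describes for this exploit).
    """
    haystacks = [pdf_bytes] + extract_stream_bodies(pdf_bytes)
    found = sorted(
        name for name, pattern in INDICATORS.items()
        if any(pattern.search(h) for h in haystacks)
    )
    return {
        "has_javascript": JS_KEY_RE.search(pdf_bytes) is not None,
        "indicators": found,
        "suspicious": len(found) == len(INDICATORS),
    }


def build_pdf(js_source, compress):
    """Construct a minimal PDF whose /OpenAction runs js_source (test input only)."""
    payload = js_source.encode()
    filt = b""
    if compress:
        payload = zlib.compress(payload)
        filt = b" /Filter /FlateDecode"
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R >>",
        b"<< /S /JavaScript /JS 5 0 R >>",
        b"<< /Length %d%s >>\nstream\n" % (len(payload), filt) + payload + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for number, obj in enumerate(objects, 1):
        out += b"%d 0 obj\n" % number + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# Constructed samples: one that merely names both APIs, one that does not.
SUSPECT_JS = 'Collab.collectEmailInfo({subj: "x"}); util.printf("%s", "x");'
BENIGN_JS = 'app.alert("hello");'

if __name__ == "__main__":
    for label, js in (("suspect", SUSPECT_JS), ("benign", BENIGN_JS)):
        for compress in (False, True):
            result = scan_pdf(build_pdf(js, compress))
            print(label, "compressed" if compress else "plain", result)
```

The check is deliberately narrow: it only finds the API names in plain or Flate-compressed text and does not decode string-building or other obfuscation the JavaScript may use, so a miss is not a clean bill of health. A hit on `util.printf` alone is weak evidence, since legitimate forms use it; the page's profile for this family is both APIs in one file, which is what the `suspicious` flag reports.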

Activity

Once the vulnerabilities are exploited, binary files are downloaded from:

  • http://[...]/welcome.php?id=5[...]

The downloaded files are saved in the Temporary directory using the following filenames:

  • pdfupd.exe
  • crash.php

The files are then executed.

Last update 28 September 2009
