Adobe exploit puts backdoor on computers

By Elinor Mills, CNET News.com
Monday, October 12, 2009 11:27 AM

A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned last week.

Trend Micro identified the exploit as a Trojan horse dubbed "Troj_Pidief.Uo" in a blog post. It arrives as a PDF file containing JavaScript-based malware, "Js_Agent.Dt", and then drops a backdoor called "Bkdr_Protux.Bd".

The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.

The blog post provides technical details on how the malware works, specifically the activity of its shell code, the piece of code that delivers the payload. The JavaScript is used to execute arbitrary code through a technique known as "heap spraying".

Based on their findings, "the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file" before extracting and executing the backdoor, Trend Micro said. The backdoor "is also embedded in the PDF file and not the usual file downloaded from the Web."
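As an added illustration (not code from Trend Micro, Adobe or the original article), the following static triage pass shows how a defender might surface the traits described above in a PDF: embedded JavaScript, auto-run actions, embedded files and long runs of `%u` escapes. The indicator list, function names and sample document are assumptions constructed for this example.

```python
import re
import zlib

# Name tokens that mark active or embedded content (an assumed triage list).
NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/EmbeddedFile")
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
# Heuristic (assumption): long %uXXXX runs suggest script building filler strings.
ESCAPE_RUN = re.compile(rb"(?:%u[0-9A-Fa-f]{4}){8,}")

def decode_names(data):
    """Undo #xx name escapes so that /J#53 is compared as /JS."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data):
    """Return the inflated body of every stream that zlib can decode."""
    bodies = []
    for m in STREAM.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'.
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate data, or another filter is applied first
    return bodies

def triage_pdf(data):
    """Return {indicator: count} for a PDF supplied as bytes."""
    views = [decode_names(v) for v in [data] + inflate_streams(data)]
    report = {}
    for name in NAMES:
        # A name ends at a delimiter, so /JS must not match /JSFoo.
        pattern = re.compile(re.escape(name) + rb"(?![A-Za-z0-9])")
        count = sum(len(pattern.findall(v)) for v in views)
        if count:
            report[name.decode()] = count
    runs = sum(len(ESCAPE_RUN.findall(v)) for v in views)
    if runs:
        report["escape_run"] = runs
    return report

def build_sample():
    """Constructed, inert sample: obfuscated names plus a compressed script."""
    script = b'var s = unescape("' + b"%u4141" * 16 + b'");'
    return (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
            b"2 0 obj << /S /J#61vaScript /J#53 3 0 R >> endobj\n"
            b"3 0 obj << /Filter /FlateDecode >>\nstream\n"
            + zlib.compress(script) + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(build_sample()))
```

A hit is a reason to inspect the file further, not a verdict: legitimate forms also use JavaScript, and streams behind other filters or encryption are not decoded here.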

Variants of the Protux backdoor typically provide an attacker unrestricted user-level access to a compromised machine and previously exploited vulnerabilities in Microsoft Office files, according to Trend Micro.

Adobe announced last week that it would release an update to fix the hole on Tuesday, the same day as Microsoft's Patch Tuesday.

This article was first published as a blog post on CNET News.


Talkback (1 comment)

Adobe exploit puts backdoor on computers
Here we go again, and again, and yet again:

www.blueridgenetworks.com...

But the same solution to these risks remains the same.
Posted by Eirik Iverson on Tuesday, October 13 2009 12:54 AM

