Group-IB US: Zero-day vulnerability found in Adobe X
November 7, 2012
NEWYORK — There is new vulnerability in Adobe X which helps to execute its own shellcode with help of malformed PDF-documents with specially crafted forms.
The vulnerability is also included in new modified version of "Blackhole Exploit-Kit”, which is used for the distributing the banking Trojans (Zeus, Spyeye, Carberp, Citadel) with the help of exploitation different vulnerabilities in client-side software.
Andrey Komarov, the Head of International Projects Department of Group-IB: «The vulnerability has some limitations, for example it could be successfully exploited only after the user will close the browser and restart it. Another variant is to organize interaction between the victim and the malformed PDF-document. Either way, the vulnerability is has very significant vector to be spread with bypassing of internal Adobe X sandbox, which is appealing for cybercrime gangs because in the past there was no documented method of how to bypass it with shellcode execution.».
The end price on this vulnerability on black market is approximately 30 000 – 50 000 USD. For now this flaw is distributed only in only small circles of the underground but it has the potential for much larger post-exloitation methods.
Dan Clements, Managing Partner of Group-IB US: «As more and more of these unpatchable zero day threats pop up in application software and operating systems, it provides bot authors more opportunities to design more creative methods to get their malware loaded into a victims computer».
The POC of the zero-flaw found in Adobe X was published in YouTube by Group-IB US threat intelligence team: http://www.youtube.com/watch?v=uGF8VDBkK0M&feature=youtu.be.
Group-IB is the first company in Russia and the former Soviet Union working professionally and comprehensively in cybercrime investigation, information security breaches, and computer forensics. As part of the company, a computer forensics lab provides independent computer forensic investigations, including for Russian law enforcement agencies. Created on the basis of Group-IB, CERT-GIB operates as the first private computer emergency response team in Russia. Group-IB is part of LETA Group.
Dan Clements 818.455.5969, D.Clements(at)group-ib(dot)com