McAfee has cited what it termed, "another zero-day attack targeting Adobe Acrobat Reader," that can infiltrate customer networks.
According to McAfee's blog, the currently unpatched exploit opens the door to code execution when a user simply reads a malicious PDF document.
McAfee said this code is embedded as a malformed and escaped sequence of hex bytes.
"After loading it into a disassembler, we can see that the unescaped executable code is stage one of a two-stage attack. The intent of stage one is to identify the open file handle of the malicious PDF to find a particular signature (which is called an egg by exploit writers). This signature (0×0A666F65 in this example) is immediately followed by stage two of the shellcode and is then branched into," notes the blog.
The blog also features a screenshot of the PDF's embedded egg, followed by x86 machine code, part of stage 2. McAfee notes, "The code contains another obfuscation layer, namely a routine that XOR decodes the remaining code and unveils an embedded executable."
For full information users can go to the blog here.
OK, so you want to stamp your document. Maybe you need to give reviewers some advice about the document's status or sensitivity. This tip from author Ted Padova demonstrates how to add stamps with the Stamp Tool along with related comments.