McAfee cites potential PDF Zero Day flaw

October 15, 2009


McAfee has cited what it termed, "another zero-day attack targeting Adobe Acrobat Reader," that can infiltrate customer networks.

According to McAfee's blog, the currently unpatched exploit opens the door to code execution when a user simply reads a malicious PDF document.

The blog features screenshots of the viewable JavaScript code once the stream has been unpacked. McAfee notes, "Although the content of the compressed stream may look like random data, when unpacked the JavaScript code will fill a certain memory area with malicious x86 assembly code and cause the exploited Adobe software to execute the shell-code, commonly known as heap spray."

McAfee said this code is embedded as a malformed and escaped sequence of hex bytes.

"After loading it into a disassembler, we can see that the unescaped executable code is stage one of a two-stage attack. The intent of stage one is to identify the open file handle of the malicious PDF to find a particular signature (which is called an egg by exploit writers). This signature (00A666F65 in this example) is immediately followed by stage two of the shellcode and is then branched into," notes the blog.

The blog also features a screenshot of the PDF's embedded egg, followed by x86 machine code, part of stage 2. McAfee notes, "The code contains another obfuscation layer, namely a routine that XOR decodes the remaining code and unveils an embedded executable."

For full information users can go to the blog here.

PDF In-Depth Free Product Trials Ubiquitous PDF

Debenu Quick PDF Library

Get products to market faster with this amazing PDF developer SDK. Over 900 functions and an equally...

Download free demo

Five visions of a PDF Day

In the world of PDFs or as we like to say Planet (of) PDF, a year isn't a real PDF year without an intense few days of industry knowledge sharing.

May 15, 2018
Platinum Sponsor

Search Planet PDF
more searching options...
Planet PDF Newsletter
Most Popular Articles
Featured Product

Debenu PDF Aerialist

The ultimate plug-in for Adobe Acrobat. Advanced splitting, merging, stamping, bookmarking, and link control. Take Acrobat to the next level.


Adding a PDF Stamp Comment

OK, so you want to stamp your document. Maybe you need to give reviewers some advice about the document's status or sensitivity. This tip from author Ted Padova demonstrates how to add stamps with the Stamp Tool along with related comments.