Home / malware

PDF

Exploit:Win32/Pdfjsc.AV

First posted on 11 June 2009.

Aliases :

Exploit:Win32/Pdfjsc.AV is also known as Also Known As:CVE-2007-5659 (other), CVE-2008-2992 (other), CVE-2009-0927 (other), CVE-2009-1493 (other).

Explanation :

Exploit:Win32/Pdfjsc.AV is the detection for a PDF file that exploits several PDF (Portable Document Format) vulnerabilities. It runs another malware that connects to a remote Web site, possibly to download other malware.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Exploit:Win32/Pdfjsc.AV is the detection for a PDF file that exploits several PDF (Portable Document Format) vulnerabilities. It runs another malware that connects to a remote Web site, possibly to download other malware.

Installation
Exploit:Win32/Pdfjsc.AV may be introduced to the system via an e-mail attachment in spam messages or hosted on a malicious website.

Payload
Downloads & Executes MalwareThe specially crafted PDF file detected as Exploit:Win32/Pdfjsc.AV contains Javascript code, which triggers the vulnerabilities. This code then downloads and executes other malware on the affected system.Additional InformationThe vulnerabilities exploited by this malware are referenced by Common Vulnerabilities and Exposures (CVE) Identifiers CVE-2007-5659, CVE-2008-2992, CVE-2009-0927 and CVE-2009-1493. Adobe has provided security updates for affected products in the following Adobe Security Bulletin Security Bulletins APSB08-13, APSB08-19, APSB09-04 and APSA09-02. For more information about the above mentioned security bulletins and CVE ID see the following links:

CVE-2007-5659

CVE-2008-2992

CVE-2009-0927

CVE-2009-1493

Adobe Security Bulletin APSB08-13

Adobe Security Bulletin APSB08-19

Adobe Security Bulletin APSB09-04

Adobe Security Bulletin APS09-02

Analysis by Shawn Wang

Last update 11 June 2009

 

TOP