
Exploit:W32/AdobeReader.K


First posted on 29 October 2007.
Source: SecurityHome

Aliases :

Exploit:W32/AdobeReader.K is also known as Exploit.Win32.AdobeReader.k.

Explanation :

This PDF malware is being spammed heavily through email, where it arrives as an attachment. The exploit takes advantage of a vulnerability in the handling of URIs in PDF files. This vulnerability affects IE7, Adobe Acrobat and Adobe Reader on some platforms.

This malware disables the Windows Firewall by issuing the following command:
Then it downloads a file from the following FTP site and executes it:

The vulnerability reference is CVE-2007-5020.

And also, here's Microsoft's Advisory.

Last update 29 October 2007

 
