First posted on 03 August 2019.
Source: Microsoft

Aliases:

There are no other names known for Exploit:Win32/Pdfjsc.G.

Explanation:

Exploit:Win32/Pdfjsc.G is a detection for a PDF (Portable Document Format) file that exploits a PDF vulnerability. When opened using Adobe Acrobat or Adobe Reader versions prior to 8.1.2, Exploit:Win32/Pdfjsc.G exploits the vulnerability discussed in Adobe Security Advisory APSB08-15, CVE reference number CVE-2008-2641.

The specially crafted PDF file, which is detected as Exploit:Win32/Pdfjsc.G, contains encrypted JavaScript detected as TrojanDownloader:JS/SetSlice. When executed, the JavaScript triggers a buffer overflow in Adobe Acrobat and Adobe Reader. The malicious JavaScript is configured to run another piece of malware, currently detected as TrojanDownloader:Win32/Small.gen!B. This trojan downloader then connects to a certain website to download TrojanDownloader:Win32/Renos.EK. Renos.EK is a trojan downloader that may download and install fake antivirus software.

Analysis by Cristian Craioveanu

Last update 03 August 2019