Tuesday, October 23, 2007 2:15 PM
cmosby
SANS Internet Storm Center PDF mailto exploit documents in the wild
PDF mailto exploit documents in the wild
Published: 2007-10-23
Last Updated: 2007-10-23 15:55:54 UTC
by Adrien de Beaupre (Version: 1)
The vulnerability initially reported here http://isc.sans.org/diary.html?storyid=3406 and confirmed here (with workaround) http://isc.sans.org/diary.html?storyid=3477 and patched here http://isc.sans.org/diary.html?storyid=3531 now appears to have been spotted in the wild. The proof-of-concept code had been released, and a number of people have reported receiving the PDFs which exploit the vulnerability. Obviously, please patch, apply the workarounds, and/or ensure you can detect and block the exploit. File names seen so far are "BILL.pdf" and "INVOICE.pdf".
Thanks Juha-Matti!
Cheers,
Adrien de Beaupré
Bell Canada