
0-Day Exploit Week Bonanza: IE8, Adobe Reader Flaws in the Wild

Bogdan BOTEZATU

January 15, 2010


Also known as CVE-2010-0249, the Internet Explorer 0-day exploit takes advantage of a memory corruption vulnerability affecting all versions of Internet Explorer except for Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4.

Exploit.Comele.A

To attack a target successfully, the remote party needs to create a malicious web page containing the exploit for a flaw in Internet Explorer’s handling of specific DOM operations. To lure users into visiting the compromised resource, the attacker may use e-mail spam, social networking spam or any other means of mass distribution available. As soon as the document is processed, the malicious code injected into it would run in the context of the current user and would likely compromise the system. If the exploit fails, the attack would trigger a denial-of-service condition.

Under specific conditions, Internet Explorer can be tricked into allowing remote code execution by accessing an invalid pointer after an object is deleted. Although all versions of Internet Explorer are vulnerable (including IE8 on Windows 7), risks are lower for IE8 users, as it comes with DEP (Data Execution Prevention) enabled by default.

According to preliminary reports, this vulnerability has already been used in targeted attacks against 34 major corporations, including Google and Adobe. At the moment, Microsoft has released an advisory, but there is no patch available for this vulnerability. BitDefender has issued an emergency update that intercepts and blocks the malicious code before it adversely impacts the target system.

The second critical vulnerability deals with Adobe Reader. Also known as CVE-2009-4324, the vulnerability affects Adobe Reader and Acrobat 9.2 and earlier versions. Successful exploitation could cause crashes and allow a remote party to execute arbitrary code on the victim’s computer, as well as to carry out cross-site scripting attacks.

Trojan.Script.257045

The vulnerability stems from an error in the implementation of the “Doc.media.newPlayer()” JavaScript method, which is likely to corrupt memory when a specially crafted PDF file is run. Initially discovered on December 14, the vulnerability is still being exploited in the wild, although the vendor issued a patch on January 12. BitDefender users have been protected since day zero, as the company issued proactive detection for the entire family of Trojans exploiting the PDF vulnerability.
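For defenders triaging PDF attachments, the sketch below is an added example (not BitDefender's detection logic or code from the original post) that flags documents whose script-bearing keys or inflated streams reference `media.newPlayer(`. The function names and the sample bytes are constructed for illustration; a hit is a reason to inspect the file, since legitimate multimedia PDFs also call this method.

```python
import re
import zlib

NAME_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
CALL = re.compile(rb"media\s*\.\s*newPlayer\s*\(")
JS_KEYS = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA")


def decode_names(data):
    """Undo #xx escapes in PDF names, e.g. /J#61vaScript -> /JavaScript."""
    return NAME_HEX.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def stream_bodies(data):
    """Yield each stream body, inflated when it is valid zlib, raw otherwise."""
    for match in STREAM.finditer(data):
        body = match.group(1)
        try:
            # decompressobj tolerates truncated or trailing bytes
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body


def triage_pdf(data):
    """Report script-bearing keys and any reference to media.newPlayer()."""
    plain = decode_names(data)
    views = [plain, *stream_bodies(data)]
    return {
        "js_keys": sorted(k.decode() for k in JS_KEYS if k in plain),
        "newplayer_call": any(CALL.search(v) for v in views),
    }


def build_sample(js):
    """Constructed PDF-like bytes (not a complete PDF) with `js` in a Flate stream."""
    return (b"%PDF-1.7\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
            + zlib.compress(js) + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(build_sample(b"doc.media.newPlayer(args);")))  # constructed
    print(triage_pdf(build_sample(b"app.alert('hello');")))         # constructed
```

The scan only handles Flate-compressed streams and `#xx` name escapes; other filters, object streams and encrypted documents need a full PDF parser.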

To stay safe, BitDefender recommends that you download, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection, and that you exercise extra caution when prompted to open files from unfamiliar locations.

Author


Bogdan BOTEZATU

Bogdan is living his second childhood at Bitdefender as director of threat research.
