A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and
earlier versions of Adobe Systems' Acrobat, drops a backdoor onto
The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.
The blog post provides technical details on how the malware works,
specifically the activity of its shell code, the piece of code that
in a technique known as "heap spraying."
"Based on our findings, the shell code (that was heap-sprayed) jumps to
another shell code inside the PDF file" before extracting and executing
the backdoor, Trend Micro said. The backdoor "is also embedded in the
PDF file and not the usual file downloaded from the Web."
Variants of the Protux backdoor typically provide an attacker
unrestricted user-level access to a compromised machine and previously
exploited vulnerabilities in
Microsoft Office files, according to Trend Micro.
Adobe announced on Thursday that it would release an update to fix the hole on Tuesday, the same day as Microsoft's Patch Tuesday.
This screenshot shows the embedded executable file in the PDF file, after it has been decrypted.