Adobe 0day again

[SysAdMini]

http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html

[SysAdMini]

New Adobe Zero-Day Exploit
http://blog.trendmicro.com/new-adobe-zero-day-exploit/

[CM_MWR]

66753CADCB8BD537AF50F2AE92D7627B

[SysAdMini]

66753CADCB8BD537AF50F2AE92D7627B

I have tested this sample multiple times in  VMWARE using AR 9.1.3. It didn't infect my machine.
AR sometimes crashed, nothing else.

[CM_MWR]

So this means it doesnt work for everybody or just for you?

 

FFS, I wish I had a dollar for everytime I jumped the gun like that! 

[SysAdMini]

So this means it doesnt work for everybody or just for you?

 

Someone else reported that it worked in about 10-15 % of his tests.

[CM_MWR]

I dont think we ever really kept count, Id say 6 of 10 worked for the setup we had built based on target machines setup.

[SysAdMini]

Latest PDF Zero Day Leads to Exploit Egg Hunt
http://www.avertlabs.com/research/blog/index.php/2009/10/13/latest-pdf-zero-day-leads-to-exploit-egg-hunt/

[SysAdMini]

Update: PDFiD Version 0.0.9 to Detect Another Adobe 0Day
http://blog.didierstevens.com/2009/10/13/update-pdfid-version-0-0-9-to-detect-another-adobe-0day/

PDFiD is updated to detect the latest Adobe 0day, CVE-2009-3459.

I’ll provide more details in an upcoming post, just now for know that PDFiD detects a /Colors name followed by a very big number (larger than 2^24 or 16777216).

[SysAdMini]

Message from Didier Stevens on Twitter:

Not good! My PoC for CVE-2009-3459 still crashes Adobe Reader 9.2.0. Informed Adobe PSIRT