YAAV (Yet Another Adobe Vulnerability)
July 12, 2011 | POSTED BY BRETT EDGAR IN MALWARE, WINDOWS, ADVISORIES
Another Adobe Acrobat vulnerability
is being exploited in the wild. All versions up to and including 9.1.3 are vulnerable. The current exploit targets Acrobat and Acrobat Reader on Windows specifically, but all Acrobat variants (those for Linux and Mac OS X) are vulnerable. Apparently, using DEP (Data Execution Prevention) in Windows may thwart the attack (at the moment). DEP is an optional setting. Here is the Microsoft KB
article about DEP, but their server is saying it's "too busy" at the moment (4:11p). More information from the ISC is here
Adobe is set to release an update on October 13. Until then, keep on your toes!
TRUE Network Security Monitoring customers: rest easier: if your resources are successfully attacked, we should see the results.