Bitdefender
Resource Center

January 2010

Critical Zero-Day Exploits Hit Internet Explorer and Adobe Reader

Vulnerability in two of the world’s most popular applications part of recent attack on Google and Adobe; millions of users still exposed.

BitDefender®, an award-winning provider of innovative anti-malware security solutions, has discovered separate, critical zero-day exploits in two of the most heavily used applications in the world: Microsoft’s Internet Explorer and Adobe Reader.

According to preliminary reports, the Internet Explorer vulnerability has already been used in targeted attacks against 34 major corporations including Google and Adobe. At the moment, Microsoft has released an advisory, but there is no patch available for this vulnerability. BitDefender has pushed an emergency update to users of its security products that intercepts and blocks the malicious code before it adversely affects the target system.

The Adobe flaw was initially discovered on December 14 and, although the vendor pushed a patch on January 12, the vulnerability is still being exploited in the wild. BitDefender users have been protected since day zero, as the company issued proactive detection for the entire family of Trojans exploiting the PDF vulnerability.

Internet Explorer Threat Details:

Also known as CVE-2010-0249, the Internet Explorer zero-day exploit takes advantage of a memory corruption vulnerability affecting all versions of Internet Explorer except for Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4.

In order to successfully attack a target, the remote party needs to create a malicious web page containing the exploit, which targets a flaw in Internet Explorer’s handling of specific DOM operations. In order to lure users into visiting the compromised resource, the attacker may use e-mail spam, social networking spam or any other means of mass distribution available. As soon as the document is processed, the malicious code injected into it runs in the context of the current user and is likely to compromise the system. If the exploit fails, the attack triggers a denial-of-service condition.

Under specific conditions, Internet Explorer can be tricked into allowing remote code execution by accessing an invalid pointer after an object is deleted. Although all versions of Internet Explorer are vulnerable (including IE8 on Windows 7), risks are lower for IE8 users, as it comes with DEP (Data Execution Prevention) enabled by default.

Adobe Reader Threat Details:

Officially known as CVE-2009-4324, the vulnerability affects Adobe Reader and Acrobat 9.2 and earlier versions. Successful exploitation could cause crashes and allow a remote party to execute arbitrary code on the victim’s computer, as well as to carry out cross-site scripting attacks.

The vulnerability stems from an error in the implementation of the “Doc.media.newPlayer()” JavaScript method, which is likely to corrupt memory when a specially crafted PDF file is opened.

In order to stay safe, BitDefender recommends that you download, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection, and that you exercise extreme caution when prompted to open files from unfamiliar locations. Users who are concerned they may have been exposed to these attacks can check for viruses on their computer for free with BitDefender’s online scanner.

BitDefender will be participating at Infosecurity Europe 2010, the No. 1 industry event in Europe, held on 27th – 29th April in its new venue, Earl’s Court, London. The event provides an unrivalled free education programme, with exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk


* * *

About Bitdefender®
Bitdefender is the creator of one of the world's fastest and most effective lines of internationally certified internet security software. Since 2001, the company has been an industry pioneer, introducing and developing award-winning protection. Today, Bitdefender technology secures the digital experience of around 400 million home and corporate users across the globe.

Recently, the company has won a range of key independent recommendations in the US, UK and across Europe, including ConsumerSearch, Which?, Stiftung Warentest and Taenk. Bitdefender antivirus technology has also finished top in leading industry tests from both AV Test and AV-Comparatives. More information about Bitdefender's antivirus products is available from the company's security solutions press room. Additionally, Bitdefender publishes Malware City, providing the latest updates on security threats and helping users stay informed in the everyday battle against malware.

