Last month, InternetNews.com reported that a white hat programmer had discovered a particularly nasty exploit in Adobe’s PDF format, and that Adobe was in the process of fixing it.

…

According to a posting on Symantec’s Security Response blog, the spam contains subject lines like “invoice,” “statement” or “bill.” The attached PDF file will have names like INVOICE.pdf, YOUR_BILL.pdf, BILL.pdf and STATEMET.pdf.

If you try to open these files with an unpatched Acrobat Reader or Internet Explorer 7, the application will crash, your firewall is disabled and a pair of rootkits are installed on your computer. The malicious code then installs Trojans to steal financial information, like bank account information.

Adobe fixed the flaw Monday and released Acrobat Reader 8.1.1, and the company is working to fix the 7.0.x version as well. But the exploit is actually in Internet Explorer 7, it’s just that Reader didn’t properly sanitize how URLs are passed from the Internet to the Windows ShellExecute function. The patch now checks to make sure the link being passed doesn’t contain any dangerous code.

[InternetNews , Read more... ]