PDF mailto exploit documents in the wild

The vulnerability initially reported at http://isc.sans.org/diary.html?storyid=3406, confirmed (with a workaround) at http://isc.sans.org/diary.html?storyid=3477, and patched at http://isc.sans.org/diary.html?storyid=3531 now appears to have been spotted in the wild. Proof-of-concept code had been released, and a number of people have reported receiving PDFs that exploit the vulnerability. Please patch, apply the workarounds, and/or ensure you can detect and block the exploit. File names seen so far are "BILL.pdf" and "INVOICE.pdf".

Thanks Juha-Matti!

Cheers,
Adrien de Beaupré
Bell Canada
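
One way to act on the "detect and block" advice at a mail gateway, as an added example that is not part of the original diary: it walks a message's attachments and flags PDFs by the two reported file names and by an uncompressed `/URI (mailto:` action. The byte pattern is an assumed heuristic that will also match benign mailto links, and `triage_message`, `build_sample` and the sample data are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# File names reported in the diary; compared case-insensitively.
REPORTED_NAMES = {"bill.pdf", "invoice.pdf"}
# Assumed heuristic: a literal-string /URI action whose target is a mailto: URI.
# Objects inside compressed streams are not visible to this byte search.
MAILTO_URI = re.compile(rb"/URI\s*\(\s*mailto:", re.IGNORECASE)

def triage_message(raw: bytes) -> list[dict]:
    """Return one finding per PDF attachment that matches an indicator."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        data = part.get_payload(decode=True) or b""
        # Trust the magic bytes first, the extension second.
        is_pdf = data.lstrip()[:5] == b"%PDF-" or name.lower().endswith(".pdf")
        if not is_pdf:
            continue
        reasons = []
        if name.lower() in REPORTED_NAMES:
            reasons.append("reported-filename")
        if MAILTO_URI.search(data):
            reasons.append("mailto-uri-action")
        if reasons:
            findings.append({"filename": name, "reasons": reasons})
    return findings

def build_sample(filename: str, pdf_bytes: bytes) -> bytes:
    """Build a constructed test message carrying one PDF attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(pdf_bytes, maintype="application", subtype="pdf",
                     filename=filename)
    return m.as_bytes()

# Constructed, harmless PDF fragments used as sample input.
PLAIN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
MAILTO_PDF = b"%PDF-1.4\n1 0 obj\n<< /S /URI /URI (mailto:user@example.com) >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for fname, body in [("Invoice.PDF", PLAIN_PDF), ("report.pdf", MAILTO_PDF)]:
        print(triage_message(build_sample(fname, body)))
```

Findings are candidates for quarantine and manual review, not a verdict on the attachment.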



Adrien de Beaupre

ISC Handler
Oct 23rd 2007
