Attackers are exploiting the vulnerability through email messages with a specially crafted PDF attachment that is labelled bill.pdf or invoice.pdf. A known vulnerability in the way that the documents are handled subjects recipients to arbitrary code execution, which allows the attacker to recruit a system as part of a botnet or install other malware.
The release of the exploit follows days after a security researcher published a proof of concept for the flaw on 17 October. Adobe released a patch for the vulnerability on Monday 22 October.
Details about the vulnerability were published in late September on the GNU Citizen blog. The blog at the time didn't provide proof of concept (PoC) code, because the author anticipated that Adobe would be slow in creating a patch.
The speedy release of attack code following the proof of concept publication once again illustrated that PoC code can easily be turned into a live attack.
Attackers target PDF vulnerability
By Tom Sanders on Oct 25, 2007 9:59AM