Online attackers began targeting a recently fixed vulnerability in Adobe Acrobat, spamming out e-mails with a malicious attachment in the Portable Document Format (PDF), security firms and Microsoft warned last week.
The e-mail attack aims to compromise systems that have not fixed a flaw in the way Adobe Acrobat handles
mailto links in PDF files. The vulnerability affects a variety of versions of Adobe Acrobat and Adobe Acrobat Reader on running on Windows XP using Internet Explorer 7. Adobe fixed the security hole a week ago, and attacks started appearing the next day, according to Symantec.
In a blog entry on Thursday, Microsoft acknowledged the attack and said that, while it used Adobe's application to execute, the actual flaw is in Microsoft's software.
"Because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability they just close an attack vector," Bill Sisk, a member of the Microsoft Security Response Center (MSRC), stated in the posting. "As part of our SSIRP process we currently have teams worldwide who are working around the clock to develop an update of appropriate quality for broad distribution."
Portable Document Format (PDF) files have increasingly been used as a means to deliver spammers' advertisements, but only rarely has the file format been used as an attack vector. In September, e-mail messages with PDF attachments only accounted for 1 percent of all spam, according to e-mail and content security firm Proofpoint. Word documents account for more than 3 percent. Spammers have even starting sending out audio advertisements attached to e-mail messages in the MP3 format.
Symantec is the parent company of SecurityFocus.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos