While recently analyzing a malicious PDF file, I noticed a vulnerability exploited by the sample which I'd never encountered before. After a bit of research I concluded that this sample exploits CVE-2010-0188, a recently disclosed vulnerability in Adobe Reader and Acrobat (affecting versions 9.3 and earlier and 8.2 and earlier) whose details were first published this February. The advisory describes it as possibly leading to arbitrary code execution, which is exactly what this sample does.
We currently detect the malicious file as Exploit:Win32/Pidief.AX (SHA1: 908ae499a474e3006253417c658e055a633e75a1) and the dropped malware as TrojanDownloader:Win32/Qaantiz.A.
Fortunately, Adobe has released an update that addresses the vulnerability, and it is offered automatically to all users. Read Adobe's security bulletin for this issue and upgrade to the latest version of Adobe Reader and Acrobat. Users can open the Help menu and click Check for Updates to confirm that they are running the latest version.
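Checking one machine through the Help menu is fine; checking a fleet is not. As an added example (not code from this post or from MMPC), here is a small Python triage script that takes an inventory of installed Adobe Reader/Acrobat versions and flags the ones that still predate the fix for CVE-2010-0188. The fixed versions it uses, 9.3.1 for the 9.x branch and 8.2.1 for the 8.x branch, come from Adobe's bulletin for this CVE (APSB10-07) and are not listed in the post; the hostnames and version strings in the sample inventory are constructed, and the treatment of 7.x and older as unpatched is an assumption based on those branches being out of support.

```python
"""Flag installed Adobe Reader / Acrobat versions still exposed to CVE-2010-0188.

Added example for this post, not MMPC code.  Fixed versions (from Adobe
bulletin APSB10-07): 9.3.1 for the 9.x branch, 8.2.1 for the 8.x branch.
Branches older than 8 received no fix and are assumed vulnerable.
"""
import re

# Minimum patched version per major branch (from APSB10-07).
PATCHED = {9: (9, 3, 1), 8: (8, 2, 1)}


def parse_version(text):
    """Turn '9.3.0' or '9.3' into a tuple of ints.

    Comparing tuples means 9.3.10 correctly sorts after 9.3.1; a plain
    string comparison would rank it lower and miss nothing / flag wrongly.
    """
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def is_vulnerable(version):
    """True if this Reader/Acrobat version predates the fix for CVE-2010-0188."""
    v = parse_version(version)
    fixed = PATCHED.get(v[0])
    if fixed is None:
        # Assumption: 7.x and earlier are out of support and never patched,
        # so they count as vulnerable; any branch newer than 9 ships fixed.
        return v[0] < 9
    return v < fixed


def triage(inventory):
    """inventory: iterable of (hostname, version) pairs, e.g. from a software
    inventory export.  Returns the hosts that still need the update."""
    return [host for host, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "9.3.0"),   # vulnerable
    ("ws-02", "9.3.1"),   # patched
    ("ws-03", "8.2.0"),   # vulnerable
    ("ws-04", "8.2.1"),   # patched
    ("ws-05", "9.3.10"),  # patched; a string compare would misjudge this
    ("ws-06", "7.1.4"),   # unsupported branch, treated as vulnerable
]

if __name__ == "__main__":
    for host in triage(SAMPLE):
        print(f"{host}: update Adobe Reader/Acrobat")
```

Feed it the real inventory export for your environment in place of `SAMPLE`; the point of the numeric tuple comparison is that version strings must never be compared lexicographically when deciding who is patched.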
As good practice, we advise all users to keep their programs and their operating system up to date, and not to open files whose origin they don't trust.