Another Acrobat Reader 0day PoC has been posted, this time targeting a boundary condition error (longhand for buffer overflow here) in the vulnerable ‘getAnnots()’ JavaScript function. We haven’t seen any ITW malcode targeting Windows versions of Reader, but based on past experience, ThreatFire will prevent exploits targeting this vulnerability when they arrive within a week or so.
Right now, the highest levels of Reader exploitation come from commodity LuckySploit exploit pack implementations, as we have mentioned and expected in previous posts. At the least, users should update their third-party software frequently, possibly consider an alternative reader for now, and install a behavior-based solution like ThreatFire for proactive protection.
