Exploit.PDF.CVE-2011-2437

by Atlantis on April 17th, 2012 in Malware Descriptions.

Detect: Exploit.PDF.CVE-2011-2437
Platform: PDF
Type: Exploit
Size: <depends on document size>

Summary

This is an exploit, in the form of a PDF document, that uses a vulnerability in Adobe Acrobat and Adobe Reader to execute arbitrary code.

Technical Details

Payload

When the malicious program runs, it exploits a heap overflow vulnerability. The vulnerability exists in the library of the Adobe image-manipulation applications, in the handling of the "PCX" format.

Exploiting the vulnerability allows arbitrary code to be launched on a remote machine with the privileges of the current user running the application.

Removal Recommendations

  1. Delete the original Trojan file (its file name and location depend on the way the Trojan originally penetrated a user's computer).
  2. Clean the Temporary Internet Files folder, which contains infected files: %Temporary Internet Files%\
  3. Run a full scan of your computer using the antivirus program with the updated definition database.