Thursday, September 9, 2010

Criminals Are Getting Smarter: Analysis of Adobe Acrobat / Reader 0-Day Exploit

We would like to share our technical analysis of the recent Adobe Acrobat/Reader 0-Day exploit in the wild (CVE-2010-2883).

Here at VUPEN, we analyse a lot of of critical vulnerabilities and 0days and we design quite sophisticated exploits targeting various applications and operating systems. During the last few months, we have created a large number of Adobe Reader exploits and almost a dozen which bypassed DEP.

So why is this particular 0day exploit so interesting? Because it bypasses DEP and ASLR using a method that we have not seen often in the wild.


Looking forward to that Adobe Reader sandbox ;)

No comments:

Post a Comment