Adobe has confirmed the existence of a 0day vulnerability (CVE-2010-2883) in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX, as well as in Adobe Acrobat 9.3.4 as well as earlier versions for Windows and Macintosh. This vulnerability is currently being used in attacks in the wild, but a patch is not yet available to mitigate the threat. The vulnerability stems from a stack overflow in the CoolType.dll library.
A module for the vulnerability has been released for the popular MetaSploit Framework, so additional attacks built upon this vulnerability are expected. The issue was first publicized by researcher Mila Parkour, who spotted exploitation in email messages with the subject “Golf Clinic, David Leadbetter's One Point Lesson”.
Zscaler has deployed protections for all known exploits leveraging this vulnerability and will continue to monitor the issue. Zscaler customers are protected without the need to take further action.
APSA10-02 – Security Advisory for Adobe Reader and Acrobat
- Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
- Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh