Feb 20, 2013
___Adobe 0-day Reader/Acrobat exploit in-the-wild
Feb 12, 2013 10:45 PM - "Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild
. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog* for the latest information."
Release Date: 2013-02-14
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution: No official solution is currently available.
... Reported as a 0-day.
Last updated: Feb 16, 2013
CVE number: CVE-2013-0640, CVE-2013-0641
: Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View
. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu. Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. Further information about enabling Protected View for the enterprise is available here:
... Adobe is in the process of working on fixes for these issues and plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013..."
Feb 14, 2013 - "... the "protected view" feature prevents the current attacks from working — but only if it's manually enabled
. To turn it on, access Preferences > Security (Enhanced)
and then check the "Files from potentially unsafe locations," or even the "All files
" option. Then click OK
There's also a way for administrators to enable protected view on Windows machines across their organization... It's unclear why protected view isn't turned on by default
Feb 13, 2013 - "... we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1. Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain... we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public..."
Feb 13, 2013 - "... Consider mitigating your Adobe Reader usage until there's an update from Adobe..."
Feb 13, 2013 - "... Java, Internet Explorer, Adobe Flash Player, and now, Adobe Reader – just two months into 2013, we have already witnessed high-profile cases in which attackers used zero-day exploits to execute their schemes... To prevent this attack, we highly discourage users from opening unknown .PDF files or those acquired from unverified sources
ThreatCon is currently at Level 2: Elevated.
"... On February 7, 2013, Adobe released a patch for Adobe Flash Player. This release addresses CVE-2013-0633 (BID 57788) and CVE-2013-0634 (BID 57787), which are being actively exploited in the wild, distributed through malicious Word documents...
[superseded by APSB13-05
... Adobe Flash Player 11.6.602.168... February 12, 2013
CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637https://web.nvd.nist.gov/view/vuln/search-results?query=CVE-2013-0637&search_type=last3months&cves=on