It was such a shock to read recently about yet another exploit in Adobe’s piece-of-crap Reader. Ryan Nairaine over at ZDNet writes,
From the SANS ISC alert:
The payload is in a JavaScript object embedded in the PDF document. Once extracted, it just contains first level obfuscation with a simple eval(unescape()) call.
Once deobfuscated, parts of the publicly posted PoC are visible, but the attackers also modified certain parts.
Adobe Reader is one of the most widely distributed pieces of software on the Windows ecosystem to the application of this patch should be an absolute priority.
Forget patching Adobe Reader…just uninstall it and use FoxIt or any number of other PDF reader applications that don’t kill your system performance and aren’t constantly falling prey to these sort of problems (in part because they’re just not that big of a target given the install base…but still, Adobe has far too many of these problems with Adobe Reader).