Tuesday, December 13, 2011

Adobe failed to patch the U3D 0day Exploit (CVE-2011-2462) on time as promised

Xecure Lab's free online APT scanning service, XecScan (http://scan.xecure-lab.com), successfully identified a new vulnerability being actively exploited in targeted attacks, and Adobe has released a security advisory for this critical issue, the U3D memory corruption vulnerability (CVE-2011-2462).

Adobe originally aimed to release an update for Adobe Reader 9.x and Acrobat 9.x for Windows no later than the week of December 12, 2011; however, a security patch for CVE-2011-2462 is still not available.

Over the past week, we have received three APT samples with different MD5 hashes; however, they all point to the same known APT attack group.


As this is a U3D vulnerability, all of the samples contain U3D-related strings.

MD5 of our CVE-2011-2462 samples:
  1. 409256cfdeb1932392aa7e63ccb38644
  2. c72484172babcc53fcb28e9427283d95
  3. 721fda5df552f4130218ad9bd2a4ab78

Suggestions for Mitigation:

  • If you are an XecMail customer, there is nothing to worry about: such APT emails will be identified.
  • If you prefer manual inspection, look for U3D-related patterns.
  • Once again, our free XecScan service is always available to scan any suspicious document.
  • Lastly, the official patch from Adobe should be available pretty soon.
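
For the manual inspection suggested above, the following added example (not Xecure Lab's tooling or code from the original post) triages a PDF's raw bytes for U3D-related markers. The marker set is an assumption based on the names the PDF format uses for embedded 3D content and the `U3D\0` magic of a U3D file; the sample input is constructed.

```python
import re
import zlib

# Assumed marker set for this example: PDF names used for embedded 3D
# content, plus the "U3D\0" magic that begins a U3D file.
NAME_MARKERS = (b"/U3D", b"/3D", b"/3DD", b"/3DA")
U3D_MAGIC = b"U3D\x00"

def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes so an obfuscated '/#55#33D' reads as '/U3D'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def stream_bodies(data: bytes):
    """Yield each stream body, inflated when it is zlib (Flate) data."""
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        raw = m.group(1)
        try:
            # decompressobj tolerates a body cut short by the regex
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw  # not Flate-compressed: scan the bytes as they are

def find_u3d_indicators(data: bytes) -> list:
    """Return the sorted U3D-related indicators present in a PDF's bytes."""
    hits = set()
    names = decode_names(data)
    for marker in NAME_MARKERS:
        # The lookahead keeps /3D from matching inside /3DD or /3DA
        if re.search(re.escape(marker) + rb"(?![0-9A-Za-z])", names):
            hits.add(marker.decode())
    if any(U3D_MAGIC in body for body in stream_bodies(data)):
        hits.add("U3D stream magic")
    return sorted(hits)

def build_sample() -> bytes:
    """Constructed, harmless fragment: escaped /U3D name, Flate stream."""
    body = zlib.compress(U3D_MAGIC + b"\x00" * 16)
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /3D /Subtype /#55#33D "
            b"/Filter /FlateDecode /Length " + str(len(body)).encode() +
            b" >>\nstream\n" + body + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    print(find_u3d_indicators(build_sample()))
```

A hit means the file carries embedded 3D content, which is uncommon in ordinary documents; it marks the file for closer analysis rather than proving it is malicious.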






We offer free anti-APT services for the community:

  • XecMail Cloud is an online APT scanning service for your Gmail account.
  • XecScan is an online APT scanning service for your local documents.
