[Caution] New Adobe Zero Day Vulnerability

1. Introduction

Recently Adobe identified New Zero Day Vulnerability(CVE-2011-2462), in accordance with this security hole, spreading malicious file cases were reported. If this malicious file combines itself with social engineering, the range of damage will be rapidly widened. With the feature of Zero Day Vulnerability, security level of the product cannot be established. Therefore, users need to be careful on using internet against these malicious files.

[Security Advisory for Adobe Reader and Acrobat]


[Affected Softwares]

Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

2. Spreading path and symptoms of infection

This malicious file used CVE-2011-2462 vulnerability, is PDF type and can be spread through attachment of e-mail or certain link. Besides, if infected, system control permission can be lost to attacker with exposure of U3D memory tampering.

* U3D(Universal 3D)?

Universal 3D (U3D) is a compressed file format standard for 3D computer graphics data.

This malicious PDF file is a type of injecting malicious ShellCode, and its content is a type of survey(ManTech Employee Satisfaction Survey).

Upon executed this malicious PDF file, injected ShellCode will be executed. Furthermore, this PDF file will generate additional malicious files as following.

* Generated files

C:\Documents and Settings\(User Account)\Local Settings\pretty.exe
C:\Documents and Settings\(User Account)\Local Settings\WSE4EF1.TMP
C:\Documents and Settings\(User Account)\Local Settings\ctfmon.exe (Same file as pretty.exe)

Additional malicious files are known as communicating with external C&C server constantly, however, all related sites has been blocked.

3. How to prevent

Adobe announced security update Adobe Reader 9.x and Adobe Acrobat 9.x for Windows related with that vulnerability until Dec 12 for Windows. However, in case of Adobe Reader X and Adobe Acrobat X, those can protect themselves from the vulnerability with using safe mode and safe view.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function “ON”
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.
5. Execute downloaded file after scan with anti-virus SW.

INCA Internet (Security Response Center / Emergency Response Team) runs responding system against various security threats.


  1. I read this article, this article very informative and interesting..I refer your blog to many of my friends as well.
    Thanks for sharing knowledge..
    Employee Satisfaction Survey Questions

  2. Do you know that this blog contains a lot of useful essay writing tips https://persuasivepapers.com/persuasive-essay-at-middle-school/. If you have an additional info please leave it in comment section.

  3. The agency understands how complex and time-consuming that Cheap Editing Services can be. If you simply don’t have the skills you require to complete a good paper, or you’re pressed for time, or you can always order Best Coursework Writing Servicefrom them.

  4. The term zero-day refers to an unknown vulnerability or an exploit in a software program that the developer of the software is newly aware of, and has not had the time to address and patch.

    game mobile

  5. I am upbeat to discover this post exceptionally helpful for me, as it contains part of data. I generally want to peruse the quality substance and this thing I found in you post. Important and famous people from throughout history born on this day. Search thousands of historical, noteworthy and Celebrity birthdays in our archives.

  6. The main thing to acknowledge with regards to LushFlirt is the way that when you join, you do so totally for nothing out of pocket. That is a fair component that basically implies you're enabled to evaluate the stage prior to focusing on it. YesPornPlease really has a couple 'freemium' highlights that you can pay for, however these aren't fundamental and you'll have the option to get together with provocative broads in your general vicinity without paying any money. Presently an intriguing part of YesPornPlease is the way that you can have live talk encounters – with webcams – on the stage. This is incredible for affirming the individual you're really conversing with is certified: a top-level approach to stay away from the tricks that exist in the web based dating world.