Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader 9.4.6 and Reader 9.x Versions for Unix. This zero-day vulnerability (CVE-2011-2462) could allow an attacker to execute arbitrary code and silently take the control of a victim’s machine. This flaw is currently being exploited in the wild. Adobe released a patch on December 12.
McAfee researchers analyzed the exploit (the sample circulating in the wild) and figured out how the vulnerability is exploited and identified the malicious binary, which allows an attacker to take the control of the system.
The "CVE-2011-2462" article:
http://www.adobe.com/support/security/advisories/apsa11-04.htmlRead more about this in the orgianal article:
http://blogs.mcafee.com/mcafee-labs/inside-adobe-reader-zero-day-exploit-cve-2011-2462Orginal article:
Wednesday, December 14, 2011 at 12:26pm by Chintan Shah