We have received a new 0-Day exploit for Adobe
Acrobat via full-disclosure mailing list. This vulnerability was
announced on September 20th, 2007 in the site gnucitizien.org. In the advisory, the following can be read:
"The issue is quite critical given the fact that PDF
documents are in the core of today’s modern business. This and the fact
that it may take a while for Adobe to fix their closed source product,
are the reasons why I am not going to publish any POCs. You have to
take my word for it. The POCs will be released when an update is
But somebody, who had read the original
advisory, has discovered where the vulnerability is and has developed a
working PoC. This PoC has been sent to full-disclosure, a public
The PoC isn't harmful, however, when the PoC file is opened with a vulnerable version of Adobe Acrobat, calc.exe will be executed
Looking inside the PoC:
we can see the string that exploit the vulnerability.
TruPrevent is able to block this vulnerability (from the very first day). However, if you try the PoC with TruPrevent, the PoC will work because calc.exe is a trustworthy application for TruPrevent. Whereas if the vulnerability is modified to drop a malware, TruPrevent will block the vulnerability, avoiding the malware infection.