Websense researcher Hermes Li has posted a blow-by-blow walkthrough (with screenshots) of the Adobe Acrobat/Reader vulnerability that’s currently under attack.
Excerpt from the blog post:
“This vulnerability is different than the one found at the end of last year (Exploit Action with PDF OpenAction) in Adobe PDF reader. This vulnerability allows the attacker to overwrite memory with executable shell code that uses “Heap Spray” technology in Javascript when parsing a specially crafted JBIG2Decode image object.”
Also see: Adobe under fire for poor security response.
