New PDF Attack Targets Aviation Defense Industry

FireEye reported today it had detected a new critical PDF attack targeting the aviation defense industry. Malware Page exploits a stack-based buffer overflow vulnerability in Adobe Acrobat and Adobe Reader. An attacker would be able to execute code remotely via a crafted argument to the getIcon method of a Collab object, according to the CVE alert.

FireEye reported today it had detected a new critical PDF attack targeting the aviation defense industry. Malware Page exploits a stack-based buffer overflow vulnerability in Adobe Acrobat and Adobe Reader. An attacker would be able to execute code remotely via a crafted argument to the getIcon method of a Collab object, according to the CVE alert.

When a user opens the infected PDF, the exploit creates an executable file, which drops a DLL and opens a backdoor connection on TCP port 49163, FireEye said in its analysis. The malware opens connections to IP addresses in Germany and the Bahamas and maintains a detailed log of all network communications.
Simultaneously, the attack drops a decoy PDF document which is an invitation to an actual defense industry event.

Suggested articles

Discussion

  • Anonymous on

    What were the C2IPs invovled? Thanks. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.