Adobe pdf Exploit Making the Rounds

September is proving to be a busy month for the bad guys. Aside from the latest email worm, dubbed W32/VBMania@MM by McAfee, Adobe is also being exploited by the cyber criminals.

This latest bug (CVE-2010-2883), being called, "Critical," Adobe's highest rating, affects Adobe Reader / Acrobat versions 9.3.4 and earlier on the following platforms:

• Microsoft Windows
• Apple Macintosh
• Unix

According to Adobe, there are mitigation techniques available for Windows users, though an upgrade is definitely a better choice. Their official announcement warns,

Current exploits in the wild target the Windows platform. Customers using Adobe Reader or Acrobat 9.3.4 or earlier on Windows can utilize Microsoft's Enhanced Mitigation Evaluation Toolkit (EMET) to help prevent this vulnerability from being exploited.

"For more information on EMET and implementing this mitigation, please refer to the Microsoft Security Research and Defense blog. Note that due to the time-sensitive nature of this issue, testing of the functional compatibility of this mitigation has been limited.

"Therefore, we recommend that you also test the mitigation in your environment to minimize any impact on your workflows.

Possible effects of the exploit?

Adobe says, This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system, so, unless you have some very good reason not to upgrade your Adobe Acrobat/Reader immediately, you should.

For more details, here's a post from Sophos on Adobe Acrobat/Reader exploit and the official Adobe Reader/Acrobat security announcement.