Also, lol, funny as I just posted a whole bunch of Shmoo talks with links to PDFs. Doh
** HD Moore's writeup here
** Exploit code here
** Sourcefire has some Snort updates for the attacks
http://www.snort.org/vrt/advisories/vrt ... 02-20.html
Zero-Day Attack On Adobe Acrobat And Reader Under Way, But Patch Is Weeks Away
A new attack exploiting a previously unknown bug in Adobe Acrobat Reader is on the loose and being called "very severe," but Adobe doesn't plan to release a patch for the buffer overflow vulnerability until next month.
The Shadowserver Foundation reports that several iterations of the attack are spreading in the wild via the popular Acrobat and Acrobat Reader applications. "The Shadowserver Foundation has recently become aware of a very severe vulnerability in Adobe Acrobat affecting versions 8.x and 9 that is currently on the loose in the wild and being actively exploited," blogs Shadowserver's Steven Adair. "Right now we believe these files are only being used in a smaller set of targeted attacks. However, these types of attacks are frequently the most damaging, and it is only a matter of time before this exploit ends up in every exploit pack on the Internet."
Adobe issued an alert about the vulnerability yesterday, describing it as a "critical" buffer overflow vulnerability in Versions 9 and earlier of both Adobe Reader and Acrobat. "This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited," Adobe said.
But an update for Adobe Reader 9 and Acrobat 9 won't be issued until March 11, the company said, and updates for versions 8 and 7 of the software tools "soon after."
Several antivirus firms, including Symantec and Trend Micro, can now detect the attack.