Adobe warns of a recently discovered sample that’s trying to exploit the zero-day Adobe vulnerability tracked by CVE-2010-3654, in Adobe Reader 9.4 (and earlier versions) for Windows, Macintosh and UNIX, and Adobe Acrobat 9.4 (and earlier 9.x versions) for Windows and Macintosh.
This sample is being distributed as a PDF file, and it has a lot of complicated steps before the final payload is executed. Analyzing this sample is like working your way through a matryoshka doll. Adobe recommends users of Reader 9.4 and earlier for Windows and Mac update to Reader 9.4.1. Reader 9.4.1 for UNIX update is expected to be available on Nov’30th. Also, Acrobat 9.4 and earlier for Windows and Mac update to Acrobat 9.4.1.
Note that these updates represent an out-of-cycle release.
Download From: Adobe (APSB10-28)