It was nearly two weeks ago when Adobe warned its users against this vulnerability and assured them for a security update by March.
The invaders were taking advantage of a crack on un-patched systems for overwriting memory with some buffer overflow as well as for installing a backdoor to control the system distantly.
According to Adobe, it’s planning to make security updates for its Adobe Reader 7, 8 as well as Acrobat 7, 8 by the end of this month, while for Unix and Adobe Reader 9.1 the announced date is 18th March.
On the other hand, US-CERT says that they are aware of public reports of two new vectors of attack in it’s vulnerability that involves the Windows Indexing Service and for the Windows Explorer Shell Extension.
If a malevolent PDF file is processed by the Windows Indexing Service or there is some malicious PDF file in Windows
Explorer, no or little user interaction can prove effective to exploit that vulnerability. Microsoft also issued updates for different important and critical vulnerabilities in Windows earlier today.
According to some online security experts, Adobe didn’t acknowledge these vulnerabilities earlier and it seemed quite uncommunicative towards this issue from its very beginning. One the other hand, Adobe representative didn’t respond to these comments.