> a trojan attached to a 1946 Altec speaker catalog PDF
There was a time we did not send Word/Excel files (macro viruses), we used PDF "because it is safe". Recently hackers are finding and USING vulnerabilities in Adobe products almost monthly (and 27 patches in one month).
This is just a sample of alerts published in SANS NewsBites and other sources:
A vulnerability in Adobe Acrobat, Adobe Reader, and Adobe Flash can result in remote code execution. ... was being exploited in the wild on July 21, 2009
12/15/2009 Vulnerability in Adobe Reader and Adobe Acrobat Could Allow For Remote Code Execution
June 08, 2010
* Adobe Reader 9.3.2 and earlier 9.x versions
* Adobe Acrobat 9.3.2 and earlier 9.x versions
August 11, 2010
* Adobe Reader 9.3.3 and earlier 9.x versions
August 19, 2010
* Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh
* Adobe Reader 8.2.3 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 8.2.3 and earlier versions for Windows and Macintosh
September 20, 2010
* Adobe Reader 9.3.4 and earlier 9.x versions
October 06, 2010
* Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
* Adobe Reader 8.2.4 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 8.2.4 and earlier versions for Windows and Macintosh
June 15, 2011
* Adobe Reader X (10.0.1) and earlier 10.x versions for Windows
* Adobe Reader X (10.0.3) and earlier 10.x versions for Macintosh
* Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh
* Adobe Reader 8.2.6 and earlier 8.x versions for Windows and Macintosh
* Adobe Acrobat X (10.0.3) and earlier 10.x versions for Windows and Macintosh
* Adobe Acrobat 9.4.3 and earlier 9.x versions for Windows and Macintosh
* Adobe Acrobat 8.2.6 and earlier 8.x versions for Windows and Macintosh
Adobe Security Bulletin APSB11-16 describes a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.3.4, earlier 9.x versions, 8.2.6, and earlier 8.x versions. These vulnerabilities also affect Reader X and Acrobat X 10.0.3, 10.0.1, and earlier 10.x versions.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.
These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.