Exploit:JS/Pdfka.TI

Name: Exploit:JS/Pdfka.TI
Detection Names: Exploit.js.pdfka.ti
Category: Malware
Type: Exploit
Platform: JS

Summary

A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.

Additional Details

Exploit:JS/Pdfka.TI is an exploit that can take advantage of two vulnerabilities in a single PDF file in order to download malicious binary files (usually Trojan-Downloader:W32/Bredolab variants) onto the system.

The vulnerabilities exploited are:

  • Collab.collectEmailInfo() JavaScript Overflow (CVE-2007-5659)
  • Util.printf() JavaScript Overflow (CVE-2008-2992)

Adobe Reader and Acrobat versions 8.1.2 and earlier are affected by the vulnerabilities exploited by this malware.

Activity

Once the vulnerabilities are exploited, binary files are downloaded from:

  • http://[...]/welcome.php?id=5[...]

The downloaded files are saved in the Temporary directory using the following filenames:

  • pdfupd.exe
  • crash.php

The files are then executed.
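A defender-side triage helper built from the indicators in this description, added here as an example and not part of the original page: it inflates the FlateDecode streams of a PDF and reports which of the two exploited Acrobat JavaScript APIs appear in clear text, and checks a Temp-directory listing for the dropped file names. The two sample PDFs are constructed inline for the demonstration.

```python
import re
import zlib

# JavaScript APIs this family calls, mapped to the CVE each one exploits (both from
# the description above). Matching is lower-cased so "Util.printf" also hits.
JS_INDICATORS = {
    "collab.collectemailinfo": "CVE-2007-5659",
    "util.printf": "CVE-2008-2992",
}
# File names the downloaded payloads are saved under in the Temp directory.
DROPPED_NAMES = {"pdfupd.exe", "crash.php"}
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def stream_payloads(pdf_bytes: bytes):
    """Yield each stream body, plus its inflated form when it is FlateDecode."""
    for body in STREAM_RE.findall(pdf_bytes):
        yield body
        try:  # decompressobj tolerates the EOL that precedes 'endstream'
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            pass  # not Flate-compressed or truncated; the raw bytes were already yielded


def scan_pdf(pdf_bytes: bytes) -> set[str]:
    """Return the CVE ids whose exploit API appears in clear text in the PDF.
    Split or encoded strings are not caught (that needs a JS emulator), so an
    empty result means 'no obvious indicator', not 'clean'."""
    hits = set()
    for blob in (pdf_bytes, *stream_payloads(pdf_bytes)):
        text = blob.decode("latin-1").lower()
        hits.update(cve for api, cve in JS_INDICATORS.items() if api in text)
    return hits


def dropped_files(temp_listing) -> set[str]:
    """Return which of this family's dropped file names occur in a Temp listing."""
    return {name for name in temp_listing if name.lower() in DROPPED_NAMES}


def make_sample(js: bytes) -> bytes:
    """Constructed minimal PDF holding one FlateDecode JavaScript stream (test input)."""
    comp = zlib.compress(js)
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n2 0 obj\n<< /Length "
            + str(len(comp)).encode() + b" /Filter /FlateDecode >>\nstream\n"
            + comp + b"\nendstream\nendobj\n%%EOF\n")


# Constructed samples: one referencing both vulnerable APIs, one benign.
SUSPICIOUS_PDF = make_sample(b"var s = 'x'; util.printf(s); Collab.collectEmailInfo({});")
BENIGN_PDF = make_sample(b"app.alert('Thanks for reading');")
```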