Security Researcher Mila Parkour has discovered a new zero-day exploit affecting Adobe Reader and Adobe Acrobat.
In her blog she posted some information about the file, which was sent as an email attachment.
Adobe has published a security bulletin for CVE-2010-2883 but hasn’t released a fix yet.
We verified the exploit on a fresh Windows 7 machine with the latest version of Adobe Reader. Upon opening the PDF document, a malicious file is downloaded.
We recommend users to be extremely careful when opening up email attachments as well as keeping their AV up-to-date with real time protection enabled.