Attackers are using a previously unknown exploitation technique that bypasses both ASLR and DEP to exploit the unpatched Adobe Reader bug. The exploit works on machines running either Windows Vista or Windows 7 and is also dropping a file on compromised machines that is signed using a stolen, valid digital certificate. Kaspersky Lab: The malicious file installed on machines compromised via the new Reader exploit is digitally signed by a valid certificate belonging to a credit union in Missouri. The company is planning to add a sandbox to upcoming versions of Reader to help prevent attacks against the application.
Source: https://threatpost.com/adobe-exploit-bypasses-aslr-and-dep-drops-signed-malicious-file-090910/74445/

