San Jose, California – July 23, 2009 – Finjan discovered a new 0-day exploit “in the wild”. This time, cybercriminals are exploiting a vulnerability in Adobe Acrobat Reader and Flash player.    

The zero-day vulnerability found (CVE-2009-1862) can be exploited to download and execute malicious code on the victim’s PC. Adobe announced that an update will be available on July 31, 2009 which will leave end users’ PCs until then unprotected.   

The exploit was detected “in the wild” by Finjan’s Malicious Code Research Center (MCRC). As with the previous 0-day attacks reported by MCRC, Finjan’s unified secure web gateway (SWG) successfully detected and prevented the attempt to exploit the vulnerability and execute the code.

By utilizing its patented real-time content inspection technology, Finjan’s SWG proactively prevented the attack without any update.    

Web security products utilizing real-time code analysis technologies are the preferred solution to block such 0-day attacks and exploits. Yuval Ben-Itzhak, Finjan CTO explains: “Finjan customers are protected from these kinds of zero-day attacks, since Finjan’s Vital Security™ Web Gateway is able to detect such an exploit and block it without the need to have prior knowledge of the specific technique used by cybercriminals.”   

For more information about this zero-day exploit and a snapshot of the actual code as found in-the-wild, please visit Finjan’s blog at: http://www.finjan.com/MCRCblog.aspx?EntryId=2307   

For more information on Adobe Security Advisory about this vulnerability: http://www.adobe.com/support/security/advisories/apsa09-03.html

About MCRC   

Finjan’s MCRC specializes in the detection, analysis and research of web threats, including Crimeware, Web 2.0 attacks, Trojans and other forms of malware. Our goal is to be steps ahead of hackers and cybercriminals, who are attempting to exploit flaws in computer platforms and applications for their profit. In order to protect our customers from the next Crimeware wave and emerging malware and attack vectors, Finjan MCRC is a driving force behind the development of Finjan's next generation of security technologies used in our unified Secure Web Gateway solutions. For more information please also visit our info center and blog.   

For more information about Finjan, please visit: www.finjan.com.   

For alerts, please follow us on Twitter at www.twitter.com/SecureTweets         

© Copyright 1996-2009. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved.

You may not modify, license, create derivative works from, transfer, or sell any part of its content without Finjan’s explicit permission. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including European Patent EP 0 965 094 B1 and U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358, 7418731 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote, Window-of-Vulnerability, RUSafe and SecureBrowsing are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.