A zero-day vulnerability in the latest version of Adobe Reader has been discovered by the Russian cybercrime investigation company Group-IB.
The exploit is reported to work only against Windows and is based on a vulnerability that circumvents sandbox protection. It has now found its way onto the underground market for as much as $30,000. It is creeping into the cyber community in the form of a custom version of the Blackhole Exploit Kit, a tool that uses drive-by downloads to distribute banking Trojans like ZeuS.
The vulnerability lies in malformed PDFs and can only be exploited once the browser has been closed and then reopened. Alternatively, interaction between the PDF and the user can allow the vector to bypass the sandbox and spread.
Group-IB has released a video that explains the concept but does not give any details. No documented way of bypassing the exploit with shellcode exists, so Adobe is currently investigating. In the meantime, they advise software alternatives such as Foxit and Sumatra PDF.