FYI --- PDF Spam - URI handling flaw



(for those who don't want to wade through blogs/resources...)


The Microsoft Security Response Center (MSRC) : MSRC Blog: October 25th Update To Security Advisory 943521:
http://blogs.technet.com/msrc/archive/2007/10/25/msrc-blog-october-25th-update-to-security-advisory-943521.aspx


Robert Hensing's Blog : It begins . . . (PDF spam run):
http://blogs.technet.com/robert_hensing/archive/2007/10/26/it-begins-pdf-spam-run.aspx


SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc:
http://isc.sans.org/diary.html?n&storyid=3566
http://isc.sans.org/diary.html?storyid=3537

Malicious PDF files being spammed out in volume - F-Secure Weblog : News from the Lab:
http://www.f-secure.com/weblog/archives/00001303.html

The subjects for the spam messages include:
Your credit report
Your credit points
Your balance report
Personal Financial Statement
Personal Credit Points
Personal Balance Report
Your Credit File
Balance Report

Adobe - Security Advisories : APSB07-18: Adobe Reader and Acrobat vulnerability:
http://www.adobe.com/support/security/bulletins/apsb07-18.html

Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers on Windows XP or Windows 2003 with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities. It is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1. This is an update to resolve the issue previously reported in Security Advisory APSA07-04 <http://www.adobe.com/go/apsa07-04>.

As a risk datapoint... my unfiltered, spammy mailbox at pacbell.net... I am not seeing these PDF files here. But review your network's risk factors accordingly and consider patching Adobe Acrobat. Remember that WSUS cannot patch that (at least not 2, and even with 3 you have to jump through hoops for that one).