The zero-day vulnerability found (CVE-2009-1862) can be exploited to download and execute malicious code on the victim’s PC. Adobe announced that an update will be available on July 31, 2009 which will leave end users’ PCs until then unprotected.

The exploit was detected “in the wild” by Finjan’s Malicious Code Research Center (MCRC). As with the previous 0-day attacks reported by MCRC, Finjan’s unified secure web gateway (SWG) successfully detected and prevented the attempt to exploit the vulnerability and execute the code. By utilizing its patented real-time content inspection technology, Finjan’s SWG proactively prevented the attack without any update.

Web security products utilizing real-time code analysis technologies are the preferred solution to block such 0-day attacks and exploits. Yuval Ben-Itzhak, Finjan CTO explains: “Finjan customers are protected from these kinds of zero-day attacks, since Finjan’s Vital Security™ Web Gateway is able to detect such an exploit and block it without the need to have prior knowledge of the specific technique used by cybercriminals.”