Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit.
Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit
Background on the exploit
As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP).
Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on. Without ASLR, this DLL is always going to be loaded at a predictable address and can be leverage by an exploit. In the below screenshot we use Process Explorer to show what this looks like.