This is the Trend Micro detection for exploit code that takes advantage of the PDF Mailto vulnerability in Adobe Acrobat and Adobe Reader 8.1. The vulnerability allows arbitrary code to execute on an affected system.
For more information about this vulnerability, refer to the following Web page:
This exploit code arrives as an attachment to email messages spammed by other malware or by a malicious user.
Once it successfully exploits the vulnerability, this exploit code connects to the following FTP site to download and execute a malicious file detected by Trend Micro as TROJ_HARNIG.CU:
As a result, the affected system exhibits the routines of the downloaded Trojan.
On Windows XP, it also executes a command-line instruction to disable the Windows Firewall.
This exploit runs on Windows 98, ME, NT, 2000, XP, and Server 2003 systems where Adobe Acrobat and Adobe Reader 8.1 are installed.