Thursday, January 14, 2010

Technical analysis of CVE-2009-4324 samples by different analysts.

Below are technical analyses of some of the samples, kindly offered by different analysts.

Analysis of Jan 7 US-J-India_strategic_dialogue sample
Us-J-India_strategic_dialogue.pdf --- MD5 12aab3743c6726452eb0a91d8190a473


========================================
All contagio samples

Analysis by extraexploit  (http://extraexploit.blogspot.com)
January 12, 2010  Adobe CVE-2009-4324 – Another one with AsciiHexDecode waiting for the patch day (for Jan 7 US-J-India_strategic_dialogue sample) -- New
December 29, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0.6 – from Taiwan govs with low detection
December 19, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0.3 - merry christmas
December 18, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0.2 - shellcode and site down

December 15, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0.1 - browsing C&Cs
December 15, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0



Analysis by Wh's Behind (http://whsbehind.blogspot.com)

January 14  CVE-2009-4324 Doc.media.newPlayer (Us-J-India_strategic_dialogue.pdf) by Wh's Behind New
December 30, 2009 CVE-2009-4324 Doc.media.newPlayer 0-day vulnerability in Adobe Reader/Acrobat v8.0 through 9.2 (new PDF from Taiwan govs)
December 22, 2009 CVE-2009-4324 Doc.media.newPlayer vulnerability in Adobe Reader/Acrobat v8.0 through 9.2 (DEEP INSIGHT)


Analysis of Interview Outline by kaito (http://d.hatena.ne.jp/kaito834)
December 26, 2009 Checking the exploit code contained in a malicious PDF with pdf-parser.py (original title: 悪意あるPDF(malicious PDF)に含まれる Exploit コードを pdf-parser.py で確認する)

Analysis by demantos (http://malwarelab.tistory.com)

December 22, 2009 Adobe 0-Day
December 16, 2009 New Adobe Reader and Acrobat Vulnerability


CVE-2009-4324 Samples from other sources:
Analysis by Bojan Zdrnja - SANS (http://isc.sans.org/diary.html)

January 4, 2009 Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324



Analysis by VRT (http://vrt-sourcefire.blogspot.com)
December 15, 2009 - Adobe Reader media.newPlayer() Analysis (CVE-2009-4324) 


Let me know if I missed any you think need to be added.








