Monday, January 25, 2010

Jan 25 CVE-2009-4324 / CVE-2007-5659.+ Senate Hearing from: jpodesta@fastmail.fm Mon, 25 Jan 2010 08:26:21 -0500

Download F40376D0C1EB19A7774D32D6229D0465-_Principles_of_U.S._Engagement_in_Asia.pdf as a password protected archive (contact me for the password, if you need it) 

 Our friends are back to work







-----Original Message-----
From: John Podesta [mailto:jpodesta@fastmail.fm]
Sent: 2010-01-25 8:26 AM
To: XXXXXXXXXXX
Subject: Senate Hearing

Colleague,

Please find a brief summary attached from the Senate Foreign Relations hearing on U.S. engagement in Asia. If you have any questions, let me know.

Best,

John

--
http://www.fastmail.fm - Does exactly what it says on the tin



Headers
Received: from web5.messagingengine.com ([10.202.2.214])
  by compute2.internal (MEProxy); Mon, 25 Jan 2010 08:26:21 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:from:to:mime-version:content-transfer-encoding:content-type:subject:date; s=smtpout; bh=ng4E/QdtxV52NTUAT6gbX2Ew3F4=; b=E+0YqT6P96wnUiPL1KNReFQgdedM7m6qy+gJ9TmcrB5CXkmeEUkmXwXcdbosmxc718UjqekIHDjBLh7KmoKv7xMIwCbbc66R331JAEDidLAZPmsirzfyOibUOomr0UBbgZQPCBblE9CyDLpS+JeeQkn39Yr/2BAlL+C6EGqBxEY=
Received: by web5.messagingengine.com (Postfix, from userid 99)
    id 4BBFC13C6D4; Mon, 25 Jan 2010 08:26:21 -0500 (EST)
Message-Id: <1264425981.3853.1356427399@webmail.messagingengine.com>
X-Sasl-Enc: 288Nt5DLYAY30Gwky/FEfHiS1HJH/n/PNyw8xtVHdQO/ 1264425981
From: "John Podesta" << fake
To: XXXXXXXXXXXXXX
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_126442598138531"
X-Mailer: MessagingEngine.com Webmail Interface
Subject: Senate Hearing
Disposition-Notification-To: "John Podesta"
Date: Mon, 25 Jan 2010 05:26:21 -0800



Virustotal
 http://www.virustotal.com/analisis/7d6062f6fcdc71fa731e4c19c085ad5f0ad9433538f55c03a45915ac5e4ff95e-1264440096
File Principles_of_U.S._Engagement_in_ received on 2010.01.25 17:21:36 (UTC)
Result: 4/40 (10.00%)
AntiVir 7.9.1.150 2010.01.25 HTML/Malicious.PDF.Gen
eSafe 7.0.17.0 2010.01.25 PDF.Exploit
McAfee-GW-Edition 6.8.5 2010.01.25 Script.Malicious.PDF.Gen
NOD32 4805 2010.01.25 PDF/Exploit.Gen
Additional information
File size: 148870 bytes
MD5   : f40376d0c1eb19a7774d32d6229d0465


Wepawet
http://wepawet.iseclab.org/view.php?hash=f40376d0c1eb19a7774d32d6229d0465&type=js
File Principles of U.S. Engagement in Asia.pdf
MD5 f40376d0c1eb19a7774d32d6229d0465
Analysis Started 2010-01-25 09:28:27
Report Generated 2010-01-25 09:29:33
Jsand 1.03.02 malicious
doc.media.newPlayer: Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2 (CVE-2009-4324)

ViCheck.ca
https://www.vicheck.ca/md5query.php?hash=f40376d0c1eb19a7774d32d6229d0465
EXECUTABLE SCAN: Embedded Executable (xor/full)
REPORT: https://www.vicheck.ca/md5query.php?hash=f40376d0c1eb19a7774d32d6229d0465
Encrypted embedded executable with a key of 256 bytes.
Exploit method detected as pdfexploit - PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659.
Confidence ranking: 100 (14 hits).
PDF Exploit suspicious use of util.printd CVE-2008-2992 [util.printd]

