- CVE-2009-4324 Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
- Download 7775E7ADE13D73919E8DCA4695AE7D0A- Invitation to Mike Castle Event.pdf as a password protected archive (contact me if you need the password)
- Download 7775E7ADE13D73919E8DCA4695AE7D0A-Unpackedpdfs+JS-byVilly (password protected, use the scheme or contact me)
According to Villy (thanks, Villy :)), the file contains two embedded PDFs: a small one with JavaScript exploiting CVE-2009-4324 and a larger clean file. There is also a XORed EXE between those two files.
It is a very nice package.
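The layout described above (a small PDF, a XORed EXE, then a larger PDF) can be checked during triage by carving on PDF markers and testing the leftover bytes for an encoded PE DOS stub. The Python below is an added example, not code from this post or from Villy; the function names and sample bytes are constructed, and the one-byte XOR key is an assumption, since the post only says the EXE is xored.

```python
import re

PDF_HEADER = re.compile(rb"%PDF-\d\.\d")
EOF_MARK = b"%%EOF"
DOS_STUB = b"This program cannot be run in DOS mode"

def pdf_segments(data):
    """(start, end) of each PDF: from a %PDF-x.y header to the last %%EOF
    that precedes the next header (or the end of the file)."""
    starts = [m.start() for m in PDF_HEADER.finditer(data)]
    segments = []
    for i, start in enumerate(starts):
        limit = starts[i + 1] if i + 1 < len(starts) else len(data)
        eof = data.rfind(EOF_MARK, start, limit)
        segments.append((start, eof + len(EOF_MARK) if eof != -1 else limit))
    return segments

def gaps(data, segments, min_len=64):
    """Byte ranges of at least min_len that belong to no PDF segment."""
    found, cursor = [], 0
    for start, end in segments + [(len(data), len(data))]:
        if start - cursor >= min_len:
            found.append((cursor, start))
        cursor = end
    return found

def xor_keys_revealing_pe(blob, window=1024):
    """Single-byte XOR keys under which the start of blob shows a PE DOS stub.
    Assumption: one-byte key; the post only says the EXE is 'xored'."""
    head = blob[:window]
    return [k for k in range(256) if DOS_STUB in bytes(b ^ k for b in head)]

def triage(data):
    """Summarise embedded PDFs and any non-PDF gaps with candidate XOR keys."""
    segs = pdf_segments(data)
    found = [(s, e, xor_keys_revealing_pe(data[s:e])) for s, e in gaps(data, segs)]
    return {"pdf_segments": segs, "gaps": found}

def build_sample():
    """Constructed input: small PDF + XOR(0x5A) fake EXE stub + larger PDF."""
    small = b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript >>\nendobj\n%%EOF\n"
    fake_exe = b"MZ" + b"\x00" * 62 + DOS_STUB + b".\r\n$" + b"\x00" * 64
    large = b"%PDF-1.5\n" + b"% clean decoy content\n" * 20 + b"%%EOF\n"
    return small + bytes(b ^ 0x5A for b in fake_exe) + large

if __name__ == "__main__":
    print(triage(build_sample()))
```

A gap that reports a key is a strong hint that the PDF carries an encoded executable; a key of 0 would mean the stub is present unencoded.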
Sent: 2010-02-10 10:08 AM
Subject: Rep. Mike Castle
Attached is an invitation for a February 15 reception honoring Rep. Mike Castle (R-De) in his candidacy for the U.S. Senate. I hope you will be able to join us.
Although his expected Democrat opponent has dropped out of the race, the New Castle County Executive has already announced his intention to seek the Democractic nomination. Hence, Mike's political situation is strong, but the Democrats are expected to make a full scale contest out of this race.
Presuming your support, Mike will make a great contribution in the Senate for Delaware and the Country.
Please send your response to me at: [Redacted]@gmail.com
Squire Sanders Public Advocacy, LLC
a wholly owned non-law firm affiliate of
Squire, Sanders & Dempsey L.L.P.
1201 Pennsylvania Avenue, N.W.
Washington, D.C. 20004
Squire Sanders|Legal Counsel Worldwide
32 Offices in 15 Countries
Cincinnati • Cleveland • Columbus • Houston • Los Angeles • Miami • New York • Palo Alto • Phoenix • San Francisco • Tallahassee • Tampa • Tysons Corner • Washington DC • West Palm Beach | Bogotá+ • Buenos Aires+ • Caracas • La Paz+ • Lima+ • Panamá+ • Rio de Janeiro • Santiago+ • Santo Domingo • São Paulo | Bratislava • Brussels • Bucharest+ • Budapest • Dublin+ • Frankfurt • Kyiv • London • Moscow • Prague • Riyadh+ • Warsaw | Beijing • Hong Kong • Shanghai • Tokyo
+Independent Network Firm
NOTICE: This email message and all attachments transmitted with it are intended solely for the use of the addressees and may contain legally privileged, protected or confidential information. If you have received this message in error, please notify the sender immediately by email reply and please delete this message from your computer and destroy any copies.
IRS Circular 230 Notice: To comply with U.S. Treasury regulations, we advise you that any U.S. federal tax advice included in this communication is not intended or written to be used, and cannot be used, to avoid any U.S. federal tax penalties or to promote, market, or recommend to another party any transaction or matter.
File Invitation_to_Mike_Castle_Event.p received on 2010.02.10 19:01:59 (UTC)
Result: 1/41 (2.44%)
Sophos 4.50.0 2010.02.10 Mal/PDFEx-D
File size: 325206 bytes
MD5 : 7775e7ade13d73919e8dca4695ae7d0a
The first unpacked PDF, 1.pdf, with CVE-2009-4324
Result: 5/41 (12.2%)
Avast 4.8.1351.0 2010.02.12 JS:Pdfka-gen
BitDefender 7.2 2010.02.12 Exploit.PDF-JS.Gen
GData 19 2010.02.12 Exploit.PDF-JS.Gen
nProtect 2009.1.8.0 2010.02.12 Exploit.PDF-JS.Gen.C02
Sunbelt 5671 2010.02.11 Exploit.PDF-JS.Gen (v)
File size: 7221 bytes