Wednesday, July 14, 2010

Jul 14 CVE-2009-4324 PDF President Obama's Detrimental Deadlines

CVE-2009-4324 Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
 
Download 51d54fce1d57a7228a4ed8d193f9f2bf and 0f5d42aa99b17eabddc19a46013b517b as a password-protected archive (please contact me if you need the password)

From: XXXXXXXXXXXXXXXXXX
Sent: Wednesday, July 14, 2010 9:42 AM
To: XXXXXXXX
Subject: Fw: AEI : President Obama's Detrimental Deadlines

----- Forwarded Message ----
From: accounts-noreply@aei.org accounts-noreply@aei.org
To: XXXXXXXXXXXX
Sent: Tue,July 13, 2010 10:35:55 AM
Subject: AEI.org : President Obama's Detrimental Deadlines

President Obama's Detrimental Deadlines
By Marc A. Thiessen | Washington Post
Tuesday, June 29, 2010
Rather than setting artificial deadlines, President Obama must start projecting resolve to win the war in Afghanistan, and he must tell Americans the stakes, the consequences of failure, and why he will not accept defeat.   [Read more]

The American Enterprise Institute for Public Policy Research
1150 Seventeenth Street, N.W.
Washington, D.C. 20036
www.aei.org
Phone: 202.862.5800


Headers
Received: (qmail 6387 invoked from network); 14 Jul 2010 13:26:37 -0000
Received: from static-76-9-100-66.ngn.onecommunications.net (HELO XXXXXX) (76.9.100.66)
[...]
From: XXXXXXXXXXXXXXXXXXXXXXXXXXX
To: XXXXXXXXXXX
Subject: =?iso-8859-1?B?Rnc6IEFFSSA6IFByZXNpZGVudCBPYmFtYSdzIERldHJpbWVudGFsIERlYWRsaW5lcw==?=
Date: Wed, 14 Jul 2010 09:41:52 -0400
X-Priority: 3
X-Mailer: Extreme Mail Express
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=NextMime00A_000_90245093D"
Hostname:    static-76-9-100-66.ngn.onecommunications.net
ISP:    One Communications Corporation
Organization:    GAWRYL AND MACALLISTER ATTORNEYS AT LAW
Type:    Corporate
Assignment:    Static IP
Country:    United States
State/Region:    New Hampshire
City:    Keene

File President_Obama_s_Detrimental_Dea received on 2010.07.28 03:41:23 (UTC)
http://www.virustotal.com/analisis/6b5a5f8b09ef4a6571f5431008c3ad80441205c9cba2c565ad8a21ea0421d7e4-1280288483
Result: 18/42 (42.86%)
AhnLab-V3    2010.07.28.00    2010.07.27    Win-Trojan/Exploit-PDF
AntiVir    8.2.4.26    2010.07.27    EXP/Pidief.244965
Authentium    5.2.0.5    2010.07.28    PDF/Pidief.BO
Avast    4.8.1351.0    2010.07.28    JS:Pdfka-gen
Avast5    5.0.332.0    2010.07.28    JS:Pdfka-gen
BitDefender    7.2    2010.07.28    Exploit.PDF-JS.Gen
CAT-QuickHeal    11.00    2010.07.27    Exploit.PDF.FlateDecode
DrWeb    5.0.2.03300    2010.07.28    Exploit.PDF.687
Emsisoft    5.0.0.34    2010.07.28    Exploit.JS.Pdfka!IK
eSafe    7.0.17.0    2010.07.27    Exploit.PDF.f
F-Prot    4.6.1.107    2010.07.28    PDF/Pidief.BO
F-Secure    9.0.15370.0    2010.07.28    Exploit.PDF-JS.Gen
GData    21    2010.07.28    Exploit.PDF-JS.Gen
Ikarus    T3.1.1.84.0    2010.07.28    Exploit.JS.Pdfka
McAfee-GW-Edition    2010.1    2010.07.27    Heuristic.BehavesLike.JS.BufferOverflow.A
Norman    6.05.11    2010.07.27    JS/Shellcode.HQ
nProtect    2010-07-28.01    2010.07.28    Exploit.PDF-JS.Gen
Sophos    4.55.0    2010.07.28    Troj/PDFJs-GQ
Additional information
File size: 106155 bytes
MD5...: 51d54fce1d57a7228a4ed8d193f9f2bf


President_Obama_s_Detrimental_Dea received on 2010.07.15 11:59:20 (UTC)
Result: 19/42
http://www.virustotal.com/analisis/34cb88a51729a7d54d6e575ae14e184b25ee581ee15bc60775251909d63bd477-1279195160

Antivirus     Version     Last Update     Result
a-squared     5.0.0.31     2010.07.15     Exploit.JS.Pdfka!IK
AhnLab-V3     2010.07.15.01     2010.07.15     Win-Trojan/Exploit-PDF
AntiVir     8.2.4.10     2010.07.15     EXP/Pidief.244965
Authentium     5.2.0.5     2010.07.15     PDF/Pidief.BO
Avast     4.8.1351.0     2010.07.14     JS:Pdfka-gen
Avast5     5.0.332.0     2010.07.15     JS:Pdfka-gen
BitDefender     7.2     2010.07.15     Exploit.PDF-JS.Gen
CAT-QuickHeal     11.00     2010.07.15     Exploit.PDF.FlateDecode
DrWeb     5.0.2.03300     2010.07.15     Exploit.PDF.687
eSafe     7.0.17.0     2010.07.15     Exploit.PDF.f
F-Prot     4.6.1.107     2010.07.15     PDF/Pidief.BO
F-Secure     9.0.15370.0     2010.07.15     Exploit.PDF-JS.Gen
GData     21     2010.07.15     Exploit.PDF-JS.Gen
Ikarus     T3.1.1.84.0     2010.07.15     Exploit.JS.Pdfka
McAfee     5.400.0.1158     2010.07.15     Exploit-PDF.q.gen!stream
McAfee-GW-Edition     2010.1     2010.07.15     Heuristic.BehavesLike.JS.BufferOverflow.A
Norman     6.05.11     2010.07.14     JS/Shellcode.HQ
nProtect     2010-07-15.02     2010.07.15     Exploit.PDF-JS.Gen
Sophos     4.55.0     2010.07.15     Troj/PDFJs-GQ
Additional information
File size: 155575 bytes
MD5   : 0f5d42aa99b17eabddc19a46013b517b

Vicheck.ca
PDF Exploit call to media.newPlayer CVE-2009-4324
https://www.vicheck.ca/md5query.php?hash=51d54fce1d57a7228a4ed8d193f9f2bf

PDF Exploit call to media.newPlayer CVE-2009-4324
https://www.vicheck.ca/md5query.php?hash=0f5d42aa99b17eabddc19a46013b517b

