Thursday, August 26, 2010

Aug 26 CVE-2009-4324 Chess on the High Seas from

Download 43cb55861b7fcf1dfb6968c9ef110bcc Aug2010.pdf as a password protected archive (contact me if you need the password)

From: Matthew Gebert []
Sent: Thursday, August 26, 2010 10:11 PM
Subject: Chess on the High Seas - Dangerous Times for U.S.-China Relations

The Obama administration's hopes that its warmer approach to Beijing would yield a more fruitful Sino-American relationship have been disappointed. Rather than adopting a more cooperative bearing, Beijing has become increasingly assertive over the past year. Recognizing the resulting detriment to U.S. interests and Asia-Pacific peace and security, the Obama administration is now pushing back. This new direction may convince Beijing to reconsider its recent assertive policies, but for now, the United States and China have entered a period of tense relations, raising the odds of a true crisis. Particularly worrisome is Chinese media coverage of this summer's quarrels, which has been nationalistic and anti-American in tone and content. Such coverage makes conflicts more difficult to resolve, as the Chinese regime cannot afford to look weak in the eyes of an incensed citizenry. Policymakers in both countries should be aware of this dynamic as they approach any additional disputes in the coming months.
Key points in this Outlook:
•    The United States and China have clashed over maritime exercises, with Beijing opposed to Washington asserting its right to exercise in international waters.
•    The Chinese media responded with a stream of nationalistic, anti-American reporting--portraying the United States as an imperial power.
•    Despite China's confidence, there are signs of internal weakness in the People's Republic, with social unrest on the rise.
•    The United States should prepare diplomatically and militarily for a potential crisis.

File name:
Submission date: 2010-08-29 03:33:46 (UTC)
Detections: 24/41 (58.5%)
AntiVir     2010.08.28     EXP/Pdfka.otd.2
Antiy-AVL     2010.08.26     Exploit/Win32.Pidief
Authentium     2010.08.28     PDF/Obfusc.M!Camelot
Avast     4.8.1351.0     2010.08.28     JS:Pdfka-WJ
Avast5     5.0.594.0     2010.08.28     JS:Pdfka-WJ
AVG     2010.08.28     Script/Exploit
BitDefender     7.2     2010.08.29     Exploit.PDF-JS.Gen
ClamAV     2010.08.28     Suspect.PDF.ObfuscatedJS-5
DrWeb     2010.08.29     Exploit.PDF.1386
Emsisoft     2010.08.28     Exploit.Win32.Pidief!IK
eTrust-Vet     36.1.7823     2010.08.27     PDF/Utild.A
F-Prot     2010.08.28     JS/ShellCode.AV.gen
F-Secure     9.0.15370.0     2010.08.28     Exploit.PDF-JS.Gen
GData     21     2010.08.29     Exploit.PDF-JS.Gen
Ikarus     T3.     2010.08.28     Exploit.Win32.Pidief
Kaspersky     2010.08.29     Exploit.Win32.Pidief.dcw
Microsoft     1.6103     2010.08.28     Exploit:Win32/Pdfjsc.FE
NOD32     5405     2010.08.28     JS/Exploit.Pdfka.OAQ
Norman     6.05.11     2010.08.28     PDF/Exploit.EK
nProtect     2010-08-28.01     2010.08.28     Exploit.PDF-JS.Gen
Panda     2010.08.28     Exploit/PDF.Gen.B
Sophos     4.56.0     2010.08.28     Troj/PDFJs-LP
Sunbelt     6808     2010.08.29     Exploit.PDF-JS.Gen (v)
TrendMicro-HouseCall     2010.08.29     Expl_ShellCodeSM
Additional information
MD5   : 43cb55861b7fcf1dfb6968c9ef110bcc





Received: from (HELO (
  by XXXXXXXX with SMTP; 27 Aug 2010 02:11:07 -0000
Received: from [] by with NNFMP; 27 Aug 2010 02:11:07 -0000
Received: from [] by with NNFMP; 27 Aug 2010 02:11:06 -0000
Received: from [] by with NNFMP; 27 Aug 2010 02:11:05 -0000
Received: from [] by with NNFMP; 27 Aug 2010 02:11:05 -0000
X-Yahoo-Newman-Property: ymail-3
Received: (qmail 72747 invoked by uid 60001); 27 Aug 2010 02:11:04 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=s1024; t=1282875064; bh=l9AXsT5C8sF+Wj3+wZuf66KGHc9tCySFLnfUCWLNbP4=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=5lAniIl4dUviz+2ztqdLBTUv2dJJosRNUFwUA6v5b6Bv91c0xc3X2+iQi0lmA/u2zhBbdkpa/7kkRFxOwQ37Yug0Yz87x46EFqWnc7nj6NryiKtw5IwQQrmjbYis5+iUrM0+vIGFWDsafRccUMM2JLMcMmyuAwtWo2V306eDxuY=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
Message-ID: <>
X-YMail-OSG: Cg7zbwIVM1n3PDFvLIg7lltCnqUSL4y_NlzOFZE1zbiyDxr
Received: from [] by via HTTP; Thu, 26 Aug 2010 19:11:04 PDT
X-Mailer: YahooMailClassic/11.3.2 YahooMailWebService/
Date: Thu, 26 Aug 2010 19:11:04 -0700
From: Matthew Gebert
Subject: Chess on the High Seas - Dangerous Times for U.S.-China Relations
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-52491509-1282875064=:70331"
Organization:    HCLC
Assignment:    Static IP
Country:    Korea, Republic of

 Windows XP SP2 Adobe Reader 9.1

Created files 
%tmp%\asrss.exe   0 bytes

It crashes, so it perhaps needs to be tested on a different VM; it is hard to tell without further testing or static analysis of the payload.
