Monday, November 8, 2010

Oct 29 CVE-2009-4324 Bulletin No. 32 Sino-US from ythtzxd@gmail.com

Common Vulnerabilities and Exposures

CVE-2009-4324 Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

  General File Information

File ATT29632.pdf
MD5  bd4d584dffedcdeb0efc0b362ff73db8

SHA1  7d018cab3201ec8810bf2a438cbfbe42caa458e
File size 278987 bytes
Type:  PDF
Distribution: Email attachment 

Download

Original Message

Google translate
From: China-US Relations Research Center of Tsinghua University [mailto: ythtzxd@gmail.com]
Sent: Friday, October 29, 2010 12:33 AM
To: XXXX
Subject: Bulletin No. 32 Sino-US relations

Dear Sirs:
       Annex Research Center of Tsinghua University China-US relations recently produced the "Sino-US relations presentation" (第三十二期), on October 1 to 15 this important event in Sino-US relations half a summary and analysis for you scholars reference.
    Current Editor: Zhang Xudong Zhang Weiyu
   Research Center of Tsinghua University, China-US relations
   Email: ythtzxd@gmail.com

====
 From: 清華大學中美關係研究中心 [mailto:ythtzxd@gmail.com]
Sent: Friday, October 29, 2010 12:33 AM
To: XXXXX
Subject: 中美關係簡報第32期
 
敬啟者:
 
       附件內為清華大學中美關係研究中心近期制作的《中美關係簡報》(第三十二期),對10月1日至15日這半個月的中美關係重要事件進行了總結和分析,供各位學者參考。
 
   本期編輯:張旭東  張偉玉
   清華大學中美關係研究中心
 
   Email: ythtzxd@gmail.com


Message Headers

Gmail.
Received: (qmail 4602 invoked from network); 29 Oct 2010 04:32:53 -0000
Received: from msr13.hinet.net (HELO msr13.hinet.net) (168.95.4.113)
  by XXXX with SMTP; 29 Oct 2010 04:32:53 -0000
Received: from ythtzxdpc (211-21-218-116.HINET-IP.hinet.net [211.21.218.116])
    by msr13.hinet.net (8.9.3/8.9.3) with ESMTP id MAA14299
    for XXXXXXXXXXXXXXX; Fri, 29 Oct 2010 12:32:27 +0800 (CST)
Reply-To: ythtzxd@gmail.com
From: "=?BIG5?B?sk212KRqvsekpKz8w/arWazjqHOkpKTf?="
To: XXXX
Subject: =?BIG5?B?pKSs/MP2q1nCsrP4ssQzMrTB?=
Date: Thu, 28 Oct 2010 22:33:04 -0600
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_10102822052164073505182_000"
X-Priority: 3
X-Mailer: DreamMail 4.6.8.2

Sender

ythtzxd@gmail.com

 211.21.218.116
Hostname:    211-21-218-116.hinet-ip.hinet.net
ISP:    CHTD, Chunghwa Telecom Co., Ltd.
Organization:    Ju Nan Business Co., Ltd.
Country:    Taiwan
City:    Tainan


Automated Scans

File name:ATT29632.pdf
http://www.virustotal.com/file-scan/report.html?id=cd6dd8239397e392a68f3afd7883a4cf967231292a5bf6fba68f56944291b6d6-1289189777
Submission date:2010-11-08 04:16:17 (UTC)
Result:12/ 35 (34.3%)
AntiVir    7.10.13.164    2010.11.07    EXP/Pidief.Pdfka.39
Avast    4.8.1351.0    2010.11.07    JS:Pdfka-AQP
Avast5    5.0.594.0    2010.11.07    JS:Pdfka-AQP
BitDefender    7.2    2010.11.08    Trojan.Script.471966
ClamAV    0.96.2.0-git    2010.11.08    Exploit.PDF.Gen
Kaspersky    7.0.0.125    2010.11.08    Exploit.JS.Pdfka.cxo
McAfee-GW-Edition    2010.1C    2010.11.07    Heuristic.BehavesLike.JS.BufferOverflow.A
Microsoft    1.6301    2010.11.07    Exploit:Win32/Pdfdrop.A
nProtect    2010-11-08.01    2010.11.08    Trojan.Script.471966
Panda    10.0.2.7    2010.11.07    Exploit/PDF.Gen.B
Sophos    4.59.0    2010.11.08    Troj/PDFJs-FM
Sunbelt    7248    2010.11.08    Exploit.PDF-JS.Gen (v)
MD5   : bd4d584dffedcdeb0efc0b362ff73db8

ViCheck.ca
https://www.vicheck.ca/md5query.php?hash=bd4d584dffedcdeb0efc0b362ff73db8
Result: PDF Javascript heap spray shellcode

Wepawet
http://wepawet.iseclab.org/view.php?hash=bd4d584dffedcdeb0efc0b362ff73db8&type=js

Analysis / CVE ID

CVE-2009-4324

No comments:

Post a Comment