Contagio Exchange - Contagio community malware dump

Thursday, April 21, 2011

Apr 21 CVE-2011-0611 PDF - SWF Data requirements.pdf from williams.jennifer16@yahoo.com 65.49.2.181

Common Vulnerabilities and Exposures (CVE) number

CVE-2011-0611 -- Adobe Flash Player 10.2.153.1 and earlier for Windows, Macintosh, Linux, and Solaris; 10.2.154.25 and earlier for Chrome; and 10.2.156.12 and earlier for Android; Adobe AIR 2.6.19120 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.3 and 10.x through 10.0.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, related to a size inconsistency in a "group of included constants," object type confusion, and Date objects, as demonstrated by a .swf file embedded in a Microsoft Word document, and as exploited in the wild in April 2011.

General File Information

File Name Data requirements.pdf
MD5: 0d3584985627fa1c7b39c8cc8a870e58
SHA1: 3a29e57930bbfe4467b037c12e1f11a032e43420
SHA256: 773afdbd5a52aa2685857ccece94c2920e3bd9b74b2a2cfed86befc61b3b9dec
File size: 44073 bytes
File Type: PDF
Distribution: Email attachment
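CVE-2011-0611 is a Flash Player bug, and in the Reader/Acrobat case it is reached through authplay.dll, so the PDF is only the wrapper: the first triage question is whether a SWF is hiding inside one of its streams. The script below is an added example (my own code, not the contagio post's analysis and not run against the 'Data requirements.pdf' sample): it walks the PDF objects, inflates FlateDecode streams, and reports SWF magic (FWS/CWS/ZWS) plus dictionary names that usually accompany this delivery (/RichMedia, /EmbeddedFile, /JS, /OpenAction, ...). The PDF it scans is constructed inline for the demo; object numbers, names and the fake SWF are assumptions, not taken from the sample.

```python
"""Static triage for a PDF suspected of carrying Flash (the CVE-2011-0611
delivery pattern: a SWF that reaches Reader's authplay.dll).

Added example, not part of the contagio post and not its analysis of the
sample. The PDF below is constructed for the demo; it is not
'Data requirements.pdf'.
"""
import re
import zlib

SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")          # uncompressed, zlib, LZMA SWF
RISKY_KEYS = (b"/RichMedia", b"/EmbeddedFile", b"/JS", b"/JavaScript",
              b"/OpenAction", b"/Launch", b"/Flash")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.DOTALL)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def inflate(raw):
    """zlib-inflate a stream. Exploit PDFs are often deliberately truncated
    or padded with junk, so fall back to a streaming decompressor that
    returns whatever valid prefix exists; None if nothing decodes."""
    try:
        return zlib.decompress(raw)
    except zlib.error:
        try:
            out = zlib.decompressobj().decompress(raw)
        except zlib.error:
            return None
        return out or None


def triage(pdf):
    """Return risky dictionary names per object and every stream whose
    (inflated) content starts with SWF magic."""
    report = {"risky_keys": {}, "swf": [], "streams": 0, "undecodable": 0}
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(3)
        header = body.split(b"stream", 1)[0]          # the object dictionary
        for key in RISKY_KEYS:
            # exact name: /JS must not fire on /JSX, /RichMedia not on /RichMediaContent
            if re.search(re.escape(key) + rb"(?![A-Za-z0-9])", header):
                report["risky_keys"].setdefault(key.decode(), []).append(num)
        sm = STREAM_RE.search(body)
        if not sm:
            continue
        report["streams"] += 1
        payload = sm.group(1)
        if b"/FlateDecode" in header:
            inflated = inflate(payload)
            if inflated is None:
                report["undecodable"] += 1
                continue
            payload = inflated
        if len(payload) >= 8 and payload[:3] in SWF_MAGIC:
            report["swf"].append({
                "obj": num,
                "magic": payload[:3].decode(),
                "version": payload[3],                      # SWF version byte
                "declared_len": int.from_bytes(payload[4:8], "little"),
            })
    return report


def build_sample_pdf():
    """Constructed demo input (hypothetical, not the real sample): a
    /RichMedia annotation whose embedded file is a zlib-compressed SWF,
    itself delivered in a FlateDecode stream, plus an /OpenAction script."""
    fake_swf = b"CWS\x0a" + (64).to_bytes(4, "little") + zlib.compress(b"\x00" * 56)
    stream = zlib.compress(fake_swf)
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj",
        b"4 0 obj << /Type /Annot /Subtype /RichMedia /RichMediaContent "
        b"<< /Assets << /Names [(a.swf) 6 0 R] >> >> >> endobj",
        b"5 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj",
        b"6 0 obj << /Type /Filespec /EF << /F 7 0 R >> >> endobj",
        b"7 0 obj << /Type /EmbeddedFile /Filter /FlateDecode /Length "
        + str(len(stream)).encode() + b" >>\nstream\n" + stream + b"\nendstream\nendobj",
    ]
    return b"%PDF-1.7\n" + b"\n".join(objs) + b"\ntrailer << /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    print(triage(build_sample_pdf()))
```

This is a triage aid, not a PDF parser: it only handles FlateDecode, ignores object streams (/ObjStm) and filter chains, and a crafted file can hide a SWF from naive regex matching. A hit is a reason to detonate the file in a sandbox with an instrumented Reader, not a verdict on its own.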



Original Message



From: Jennifer Williams [mailto:williams.jennifer16@yahoo.com]
Sent: Thursday, April 21, 2011 10:05 AM
To: XXXXXX
Subject: Initialization

The attachment is only an initialization, some amendment should be made. Please give us some advice.

Message Headers


Received: (qmail 30851 invoked from network); 21 Apr 2011 14:04:34 -0000
Received: from nm21-vm2.bullet.mail.ne1.yahoo.com (HELO nm21-vm2.bullet.mail.ne1.yahoo.com) (98.138.91.209)
  by XXXXXXXXXX 21 Apr 2011 14:04:34 -0000
Received: from [98.138.90.48] by nm21.bullet.mail.ne1.yahoo.com with NNFMP; 21 Apr 2011 14:04:35 -0000
Received: from [98.138.88.238] by tm1.bullet.mail.ne1.yahoo.com with NNFMP; 21 Apr 2011 14:04:34 -0000
Received: from [127.0.0.1] by omp1038.mail.ne1.yahoo.com with NNFMP; 21 Apr 2011 14:04:34 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 969874.96876.bm@omp1038.mail.ne1.yahoo.com
Received: (qmail 45108 invoked by uid 60001); 21 Apr 2011 14:04:34 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1303394674; bh=mWPFlhOqEevxD/USutv1mQ0yWR6RWNWW+bj7tayT2tI=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=ZSmVoUPCv4DlwBa5TkwMqFGuLdrYVIiM2QFpZTBqj7XDj4FpP5+osc0cIylTRJVMyvhI83rzSO7cBdppgYNafTIuopPjVaYK6i/1LwrJ4ujs7lsf9t2tGpKPA8/OtXwJl5mBu9HLd9mbtuyIYupgMrRl4RnomJrJPOMMDIVIZHs=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
  b=Rb4GX1f/wGxRfbUv7BTAdUe/Jf05+hzjgWS9fWw1RzX+kXGEXF+oxShvxJJAx4LlzAEgP/CQ1gEB7Hhcg68SRx4w42DS/ommYViXAkP/6PUaMAIfYwwL4dPHFgvChFBZfcjVlMsRyN/xxb7Vj59FyMvrTvToNfqXrIbZ56+k6Qs=;
Message-ID: <876619.45077.qm@web121812.mail.ne1.yahoo.com>
X-YMail-OSG: 4HbWER8VM1nizqgbE3Lfcrusmqfyo_nIePs2QevnpfjJVPl
 7.78dTRilSQrhDkPEoXmbWQsrfCkFTHTfBceE1_n1DljmJJxy2U7tz6TZatV
 yIBe6CkT3rOek5RkZ0DCU3MGbxfxrMxp5llRs93ZEihOkDttJRH6cFb0aL_K
 TJYV1YUQhe1M9IxMAWb0YsRvYlBOXVbbJ5P5JWVHZ_bgPc2_.mwlCNfaFdNX
 grA.G9VGbo_z8VAx4sqQ0asXcBN5_n7xcqCSTZacOgh4I.wXZu6qIOZP6RLe
 IJXS7uVejprUoEmie2zXZEGZJ0rNT7UaHlcOA1ZTS39ePIIKYnz2PT8yM
Received: from [65.49.2.181] by web121812.mail.ne1.yahoo.com via HTTP; Thu, 21 Apr 2011 07:04:34 PDT
X-Mailer: YahooMailRC/559 YahooMailWebService/0.8.110.299900
Date: Thu, 21 Apr 2011 07:04:34 -0700
From: Jennifer Williams
Subject: Initialization
To: XXXXXXXXXXXXXXXXXXXXXXX
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-2141358634-1303394674=:45077"



Sender

Hostname:    65.49.2.181
ISP:    Hurricane Electric
Organization:    Sophidea
Proxy:    Confirmed proxy server.
Type:    Corporate
Assignment:    Static IP
Country:    Anonymous Proxy
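The sender IP above comes from the bottom-most Received header, the one Yahoo's webmail front end stamps with the client address; the only hop we observed ourselves is the one that handed the message to the masked MX (98.138.91.209, a Yahoo outbound server), and everything beneath it is Yahoo's word, backed by its DKIM signature. The script below is an added example (my own code, not the contagio post's): it parses the header block copied from the post (recipient masked as in the post; X-YMail-OSG and DomainKey-Signature dropped for brevity), separates the observed hop from the trusted ones, extracts the originating client, and checks the DKIM tags offline. It cannot verify the signature itself, since that needs the s1024._domainkey.yahoo.com DNS record; the local MX name "XXXXXXXXXX" is the placeholder the post uses.

```python
"""Received-chain and DKIM triage for the phishing mail's headers.

Added example, not from the contagio post. RAW_HEADERS is copied from the
post (recipient masked there; some headers trimmed). Signature verification
is out of scope: it needs DNS, and the body is not on the page.
"""
import email
import email.utils
import ipaddress
import re

RAW_HEADERS = """\
Received: (qmail 30851 invoked from network); 21 Apr 2011 14:04:34 -0000
Received: from nm21-vm2.bullet.mail.ne1.yahoo.com (HELO nm21-vm2.bullet.mail.ne1.yahoo.com) (98.138.91.209)
  by XXXXXXXXXX 21 Apr 2011 14:04:34 -0000
Received: from [98.138.90.48] by nm21.bullet.mail.ne1.yahoo.com with NNFMP; 21 Apr 2011 14:04:35 -0000
Received: from [98.138.88.238] by tm1.bullet.mail.ne1.yahoo.com with NNFMP; 21 Apr 2011 14:04:34 -0000
Received: from [127.0.0.1] by omp1038.mail.ne1.yahoo.com with NNFMP; 21 Apr 2011 14:04:34 -0000
Received: (qmail 45108 invoked by uid 60001); 21 Apr 2011 14:04:34 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1303394674; bh=mWPFlhOqEevxD/USutv1mQ0yWR6RWNWW+bj7tayT2tI=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=ZSmVoUPCv4DlwBa5TkwMqFGuLdrYVIiM2QFpZTBqj7XDj4FpP5+osc0cIylTRJVMyvhI83rzSO7cBdppgYNafTIuopPjVaYK6i/1LwrJ4ujs7lsf9t2tGpKPA8/OtXwJl5mBu9HLd9mbtuyIYupgMrRl4RnomJrJPOMMDIVIZHs=
Message-ID: <876619.45077.qm@web121812.mail.ne1.yahoo.com>
Received: from [65.49.2.181] by web121812.mail.ne1.yahoo.com via HTTP; Thu, 21 Apr 2011 07:04:34 PDT
X-Mailer: YahooMailRC/559 YahooMailWebService/0.8.110.299900
Date: Thu, 21 Apr 2011 07:04:34 -0700
From: Jennifer Williams
Subject: Initialization
To: XXXXXXXXXXXXXXXXXXXXXXX
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-2141358634-1303394674=:45077"

"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_headers(raw):
    return email.message_from_string(raw)


def received_hops(msg):
    """One record per Received header, in header order (newest hop first)."""
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())                  # unfold
        by = re.search(r"\bby\s+(\S+)", value)
        hops.append({
            "raw": value,
            "ips": IPV4_RE.findall(value),
            "by": by.group(1) if by else None,
            "via_http": " via HTTP" in value,            # webmail submission
        })
    return hops


def handoff_peer(hops, local_host):
    """The address that connected to our own MX: the only hop we observed
    rather than took on trust from the previous relay."""
    for hop in hops:
        if hop["by"] == local_host and hop["ips"]:
            return hop["ips"][0]
    return None


def originating_client(hops):
    """Walk from the oldest hop upward and return the first public address;
    for webmail that is the client IP the provider stamped."""
    for hop in reversed(hops):
        for ip in hop["ips"]:
            if ipaddress.ip_address(ip).is_global:
                return ip
    return None


def dkim_tags(msg):
    tags = {}
    for part in msg.get("DKIM-Signature", "").split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())
    return tags


def dkim_signed_client_hop(msg, hops):
    """RFC 6376 picks signed header instances bottom-up, so one 'Received'
    in h= covers the LAST Received in the block, i.e. the hop carrying the
    client IP. Returns that hop if it is covered, else None."""
    h = dkim_tags(msg).get("h", "").lower().split(":")
    return hops[-1] if "received" in h and hops else None


def dkim_time_skew(msg):
    """Seconds between the signing time t= and the signed Date header; a
    large gap points at a replayed or forged signature."""
    t = int(dkim_tags(msg)["t"])
    sent = email.utils.parsedate_to_datetime(msg["Date"])
    return abs(int(sent.timestamp()) - t)


if __name__ == "__main__":
    m = parse_headers(RAW_HEADERS)
    h = received_hops(m)
    print("observed peer:", handoff_peer(h, "XXXXXXXXXX"))
    print("originating client:", originating_client(h))
    print("DKIM d=/s=:", dkim_tags(m).get("d"), dkim_tags(m).get("s"))
    print("client hop under signature:", dkim_signed_client_hop(m, h) is not None)
    print("t= vs Date skew (s):", dkim_time_skew(m))
```

The point of separating the two addresses: 98.138.91.209 is what your own logs can corroborate, while 65.49.2.181 is an assertion that only holds if the yahoo.com signature verifies, which is exactly why the signature covering that Received header matters. The t= tag and the Date header agree to the second here (both are 14:04:34 UTC), consistent with the message being signed at submission.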


Automated Scans

Data requirements.pdf
http://www.virustotal.com/file-scan/report.html?id=773afdbd5a52aa2685857ccece94c2920e3bd9b74b2a2cfed86befc61b3b9dec-1303404314#

Antivirus          Version         Last update  Result
AhnLab-V3          2011.04.22.00   2011.04.21   SWF/Exploit
AntiVir            7.11.6.226      2011.04.21   EXP/CVE-2011-0611.A
Avast              4.8.1351.0      2011.04.21   JS:Pdfka-gen
Avast5             5.0.677.0       2011.04.21   JS:Pdfka-gen
BitDefender        7.2             2011.04.21   Gen:Trojan.Heur.LP.au8@ayxkO6ob
F-Secure           9.0.16440.0     2011.04.21   Gen:Trojan.Heur.LP.au8@ayxkO6ob
GData              22              2011.04.21   Gen:Trojan.Heur.LP.au8@ayxkO6ob
Kaspersky          7.0.0.125       2011.04.21   Exploit.SWF.CVE-2011-0611.c
McAfee-GW-Edition  2010.1D         2011.04.21   Heuristic.BehavesLike.Exploit.PDF.CodeExec.FFOO
NOD32              6061            2011.04.21   PDF/Exploit.Gen
Panda              10.0.3.5        2011.04.21   Exploit/PDF.Gen.B
MD5: 0d3584985627fa1c7b39c8cc8a870e58
SHA1: 3a29e57930bbfe4467b037c12e1f11a032e43420
SHA256: 773afdbd5a52aa2685857ccece94c2920e3bd9b74b2a2cfed86befc61b3b9dec
File size: 44073 bytes
Scan date: 2011-04-21 16:45:14 (UTC)
