- CVE-2009-0927: Stack-based buffer overflow in Adobe Reader and Acrobat via the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658 - March 2009.
- CVE-2007-5659: Multiple buffer overflows in Adobe Reader and Acrobat via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
Possible MalWare 'Exploit/Zordle.gen' found in '5963792_3X_PM5_EMS_MA-PDF__Obama=20visit=20Asia.pdf'. Heuristics score: 201
From: "[REMOVED]" [mailto:098@gmail.com]
Sent: Friday, November 6, 2009 8:38:57 AM GMT -05:00 US/Canada Eastern
Subject: Obama's visit to Asia
Dear Colleagues,
With the upcoming Obama's visit to Asia, please find the attached paper for your kind reference.
Should you have any questions, please contact me.
Best regards,
--
signature here [REMOVED]
File Obama_visit_Asia.pdf received on 2009.11.06 18:05:36 (UTC)
Current status: finished
Result: 4/41 (9.76%)
| Antivirus | Version | Last Update | Result | 
|---|---|---|---|
| a-squared | 4.5.0.41 | 2009.11.06 | - | 
| AhnLab-V3 | 5.0.0.2 | 2009.11.06 | - | 
| AntiVir | 7.9.1.59 | 2009.11.06 | - | 
| Antiy-AVL | 2.0.3.7 | 2009.11.05 | - | 
| Authentium | 5.2.0.5 | 2009.11.06 | PDF/Pidief.O | 
| Avast | 4.8.1351.0 | 2009.11.06 | - | 
| AVG | 8.5.0.423 | 2009.11.06 | - | 
| BitDefender | 7.2 | 2009.11.06 | Exploit.PDF-JS.Gen | 
| CAT-QuickHeal | 10.00 | 2009.11.06 | - | 
| ClamAV | 0.94.1 | 2009.11.06 | - | 
| Comodo | 2862 | 2009.11.06 | - | 
| DrWeb | 5.0.0.12182 | 2009.11.06 | - | 
| eSafe | 7.0.17.0 | 2009.11.05 | - | 
| eTrust-Vet | 35.1.7107 | 2009.11.06 | - | 
| F-Prot | 4.5.1.85 | 2009.11.06 | - | 
| F-Secure | 9.0.15370.0 | 2009.11.04 | Exploit.PDF-JS.Gen | 
| Fortinet | 3.120.0.0 | 2009.11.06 | - | 
| GData | 19 | 2009.11.06 | Exploit.PDF-JS.Gen | 
| Ikarus | T3.1.1.74.0 | 2009.11.06 | - | 
| Jiangmin | 11.0.800 | 2009.11.06 | - | 
| K7AntiVirus | 7.10.890 | 2009.11.06 | - | 
| Kaspersky | 7.0.0.125 | 2009.11.06 | - | 
| McAfee | 5793 | 2009.11.05 | - | 
| McAfee+Artemis | 5794 | 2009.11.06 | - | 
| McAfee-GW-Edition | 6.8.5 | 2009.11.06 | - | 
| Microsoft | 1.5202 | 2009.11.06 | - | 
| NOD32 | 4580 | 2009.11.06 | - | 
| Norman | 6.03.02 | 2009.11.06 | - | 
| nProtect | 2009.1.8.0 | 2009.11.06 | - | 
| Panda | 10.0.2.2 | 2009.11.05 | - | 
| PCTools | 7.0.3.5 | 2009.11.06 | - | 
| Prevx | 3.0 | 2009.11.06 | - | 
| Rising | 21.54.44.00 | 2009.11.06 | - | 
| Sophos | 4.47.0 | 2009.11.06 | - | 
| Sunbelt | 3.2.1858.2 | 2009.11.06 | - | 
| Symantec | 1.4.4.12 | 2009.11.06 | - | 
| TheHacker | 6.5.0.2.062 | 2009.11.05 | - | 
| TrendMicro | 9.0.0.1003 | 2009.11.06 | - | 
| VBA32 | 3.12.10.11 | 2009.11.06 | - | 
| ViRobot | 2009.11.6.2025 | 2009.11.06 | - | 
| VirusBuster | 4.6.5.0 | 2009.11.06 | - | 
| File | Obama visit Asia.pdf | 
|---|---|
| MD5 | 33aa28b079b33c1609f9096ee78e73c8 | 
| Analysis Started | 2009-11-06 12:10:45 | 
| Report Generated | 2009-11-06 12:10:53 | 
| Jsand version | 1.03.02 | 
Detection results
| Detector | Result | 
|---|---|
| Jsand 1.03.02 | malicious | 
Exploits
| Name | Description | Reference | 
|---|---|---|
| Adobe Collab overflow | Multiple Adobe Reader and Acrobat buffer overflows | CVE-2007-5659 | 
| Adobe getIcon | Stack-based buffer overflow in Adobe Reader and Acrobat via the getIcon method of a Collab object | CVE-2009-0927 | 
Official Adobe announcement about the fix
Upgrade it.
Security Updates available for Adobe Reader and Acrobat
Release date: March 18, 2009
Last Updated: April 9, 2009
Vulnerability identifier: APSB09-04
CVE number: CVE-2009-0658, CVE-2009-0927, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062
Platform: All Platforms
Summary
Critical vulnerabilities have been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that one of these issues is being exploited (CVE-2009-0658).
Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.
These updates resolve the issue from Security Advisory APSA09-01 and Security Bulletin APSB09-03. Users who have previously updated to Adobe Reader 9.1 and Acrobat 9.1 for Windows and Macintosh need not take any action.
As of March 24, Adobe has also made available the Adobe Reader 9.1 and Adobe Reader 8.1.4 updates for Unix.
Affected software versions
Adobe Reader 9 and earlier versions
Adobe Acrobat 9 Standard, Pro, and Pro Extended and earlier versions
http://www.adobe.com/support/security/bulletins/apsb09-04.html
 


 