- CVE-2008-3005 Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
- MS08-043 – Critical This security update resolves four privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution. An attacker ... could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Critical for Excel 2000 SP3
Important for Excel 2002 SP3, Excel 2003 SP2, Excel 2003 SP3, Excel Viewer 2003, Excel Viewer 2003 SP3, Excel 2007, Excel 2007 SP1, Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats S1, Excel Viewer, and Microsoft Office SharePoint Server 2007.
This message was received from a spoofed email address of an official at the Foreign Ministry of Japan. The message came from China, it is crafted to install a remote administration tool known as Darkmoon (similar to ProRAT). I will post more details as soon as I can.
12月28日、岡田大臣は、モスクワにおいて、ラヴロフ外務大臣と日露外相会談を行うと共に、ナルィシュキン大統領府長官と会談したところ、結果概要は以下のとおり。
【ポイント】
●外相会談において、岡田大臣から、鳩山政権として政治と経済を車の両輪のように前進させたい、日露行動計画に基づき日露関係が進む一方、領土の帰属の問題について目に見える進展がない、領土問題について具体的な前進が図れるよう外相レベルでも努力しなくてはならない、ロシア側に帰属の問題について日本の立場を踏まえる形での対応を求めたい旨発言。
●ラヴロフ外相は、ロシア外交にとって日本との外交は優先事項であると説明しつつ、領土問題に関し、人為的に解決を遅らせるつもりはない、国際法及び第2次大戦の結果を踏まえる必要があると述べつつ、ロシア側の原則的立場を説明。
....................... see the full text in the end of the post. The text is actually copied from the website of the Foreign Ministry of Japan (here is the page from the Google cache)
【ポイント】
●外相会談において、岡田大臣から、鳩山政権として政治と経済を車の両輪のように前進させたい、日露行動計画に基づき日露関係が進む一方、領土の帰属の問題について目に見える進展がない、領土問題について具体的な前進が図れるよう外相レベルでも努力しなくてはならない、ロシア側に帰属の問題について日本の立場を踏まえる形での対応を求めたい旨発言。
●ラヴロフ外相は、ロシア外交にとって日本との外交は優先事項であると説明しつつ、領土問題に関し、人為的に解決を遅らせるつもりはない、国際法及び第2次大戦の結果を踏まえる必要があると述べつつ、ロシア側の原則的立場を説明。
....................... see the full text in the end of the post. The text is actually copied from the website of the Foreign Ministry of Japan (here is the page from the Google cache)
------------------------------------------------
Daisuke HASEGAWA
International Counter-Terrorism Cooperation Division Foreign Policy Bureau, Ministry of Foreign Affairs
TEL: 03-5501-8000 ext.4180, FAX: 03-5501-8205 daisuke_hasegawa@mofa.go.jp
Daisuke HASEGAWA
International Counter-Terrorism Cooperation Division Foreign Policy Bureau, Ministry of Foreign Affairs
TEL: 03-5501-8000 ext.4180, FAX: 03-5501-8205 daisuke_hasegawa@mofa.go.jp
Headers:
Received: from unknown (HELO mofa.go.jp) (218.67.146.244)
by xxxxx ; 29 Dec 2009 06:50:10 -0000
Received: from SSSSSS-2F0F04F3[192.168.1.84] by mofa.go.jp
with SMTP id 2F55449C; Tue, 29 Dec 2009 14:50:01 +0800
From: "daisuke_hasegawa@mofa.go.jp"
Subject: =?ISO-2022-JP?B?GyRCRnxPKjMwQWoycUNMRXkbKEI=?=
To: XXXXXXX
Content-Type: multipart/mixed;
boundary="=_NextPart_2rfkindysadvnqw3nerasdf";
charset="iso-2022-jp"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Reply-To: daisuke_hasegawa@mofa.go.jp
Date: Tue, 29 Dec 2009 14:50:11 +0800
X-Mailer: Foxmail 4.2 [cn]
by xxxxx ; 29 Dec 2009 06:50:10 -0000
Received: from SSSSSS-2F0F04F3[192.168.1.84] by mofa.go.jp
with SMTP id 2F55449C; Tue, 29 Dec 2009 14:50:01 +0800
From: "daisuke_hasegawa@mofa.go.jp"
Subject: =?ISO-2022-JP?B?GyRCRnxPKjMwQWoycUNMRXkbKEI=?=
To: XXXXXXX
Content-Type: multipart/mixed;
boundary="=_NextPart_2rfkindysadvnqw3nerasdf";
charset="iso-2022-jp"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Reply-To: daisuke_hasegawa@mofa.go.jp
Date: Tue, 29 Dec 2009 14:50:11 +0800
X-Mailer: Foxmail 4.2 [cn]
Robtex Whois
| 218.67.146.244
China
|
(none) | 218.67.128.0/17
CNC Group CHINA169 Tianjin Province Network
|
AS4837
China-Network-Communications-Group China Network Communications (CNC Group)
| ||||
| Hostname: | 218.67.146.244 |
| ISP: | CNCGROUP Tianjin province network |
| Organization: | CNCGROUP Tianjin province network |
| Country: | China 
|
| State/Region: | 28 |
| City: | Tianjin |
http://www.virustotal.com/analisis/afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc-1262102655
File 1229.xls received on 2009.12.29 16:04:15 (UTC)
Result: 4/41 (9.76%)
Authentium 5.2.0.5 2009.12.29 MSExcel/Dropper.B!Camelot
DrWeb 5.0.1.12222 2009.12.29 Office.Exploit
Norman 6.04.03 2009.12.29 ShellCode.A
TrendMicro 9.120.0.1004 2009.12.29 HEUR_OLEXP.B
File size: 86016 bytes
MD5 : 0e4e3c2d84a9bc726a50b3c91346fbb1
OfficeMalScanner v0.5 www.reconstructer.org
Workbook [TYPE: Stream - OFFSET: 0x200 - LEN: 13116]
SummaryInformation [TYPE: Stream - OFFSET: 0x3600 - LEN: 4096]
DocumentSummaryInformation [TYPE: Stream - OFFSET: 0x3600 - LEN: 4096]
FS:[30h] (Method 1) signature found at offset: 0x37a2
API-Hashing signature found at offset: 0x3ad1
Embedded OLE signature found at offset: 0x10a00
XOR encrypted MZ/PE signature found at offset: 0x5a00 - encryption KEY: 0x97
1229__EMBEDDED_OLE__OFFSET=0x10a00.bin
1229__PEFILE__OFFSET=0x5a00__XOR-KEY=0x97.bin
Sourcefire OFFICE CAT v2
VULNERABLE
OCID: 51
CVE-2008-3005
MS08-043
Type: Excel
Malformed FORMAT record
1229__PEFILE__OFFSET=0x5a00__XOR-KEY=0x97.bin
http://www.virustotal.com/analisis/f2cfed157e0758b6523cc5c0e35da7c898ad1878baa2b0c5be2fed41eec0fae3-1262105286 File 1229__PEFILE__OFFSET_0x5a00__XOR- received on 2009.12.29 16:48:06 (UTC)
Result: 11/41 (26.83%)
AhnLab-V3 5.0.0.2 2009.12.29 Win-Trojan/Agent.45056.AMQ
Antiy-AVL 2.0.3.7 2009.12.29 Trojan/Win32.Agent.gen
CAT-QuickHeal 10.00 2009.12.29 Trojan.Agent.cvpr
Comodo 3405 2009.12.29 TrojWare.Win32.Trojan.Agent.~IAZ
Jiangmin 13.0.900 2009.12.29 Trojan/Agent.cule
Kaspersky 7.0.0.125 2009.12.29 Trojan.Win32.Agent.dbzx
McAfee-GW-Edition 6.8.5 2009.12.29 Heuristic.LooksLike.Trojan.Agent.L
nProtect 2009.1.8.0 2009.12.29 Trojan/W32.Agent.45056.TM
Sophos 4.49.0 2009.12.29 Troj/DarkMoon-B
TrendMicro 9.120.0.1004 2009.12.29 BKDR_POISON.SME
ViRobot 2009.12.29.2114 2009.12.29 Trojan.Win32.Agent.45056.HO
VirusBuster 5.0.21.0 2009.12.29 -
Additional information
File size: 45056 bytes
MD5 : b6b9a229349244b5129adbc82246f1fa
File malicious payload -
Darkmoon RAT (Remote Administration Tool)
http://www.pakbugs.com/programs-scripts/69-darkmoon-v4-11-rat.html
Google Translation
Japanese to English translation
[Points]
● In the meeting of Ministers, Minister Okada, want to drive a car like the wheels of political and economic power as Hatoyama, while forward-Russia relations based on Japan-Russia Action Plan, tangible progress on the territorial issue of the attribution of not without some effort at foreign minister level to reach a tangible progress on the territorial issue should not be, want to find support in the form stated Japan's position to be based on the Russian side about the issue of attribution.
● Foreign Ravurofu is for diplomacy between Japan and Russia's foreign policy priorities while explaining that, with regard to the territorial issue, will not artificially delay the resolution, the first international law and must be based on the results of two World War II being said, explain the principles of the Russian position.
● Minister Okada, President Medvedev, Prime Minister Vladimir Putin, should aim to move forward without missing a prime opportunity to have all the faces that Hatoyama, said Foreign Minister should address each other particularly well.
● between Ministers, agreed to initiate a dialogue for peace and stability between Afghanistan and Russia. The early matches hold strategic dialogue with Russia.
● At the meeting with Chief Minister Naruishukin Okada is consistent with the need to accelerate negotiations on the territorial issue. Minister Okada, who introduced the passage from the late Solzhenitsyn advocated to resolve the territorial dispute between Japan and Russia.
1. Japan-Russia foreign ministerial meeting (10 am at half-time)
(1) basic policy on Japan-Russia relations (including the territorial issue.)
(B) the Minister Okada, Hatoyama as the government, at the same time want to move forward to give effect to the political and economic wheels of the car, Pursuant to the place between the two leaders confirmed the tangible progress on the territorial issue attached sheet stated.
In response, Foreign Minister Ravurofu is for diplomacy between Japan and Russia has said diplomacy is a priority effect, was adopted in January 2003 "Japan-Russia Action Plan" is still valid, according to Japan-Russia relations plan stated aim is to develop.
(B) from the Minister Okada, while forward-Russia relations based on Japan-Russia Action Plan, emphasizing that the problem is that there is no tangible progress in the attribution of territorial issues, the two leaders move forward concrete To maximize, we have pointed out the importance of efforts by the two foreign ministers called for the support given the position of Japan in the form of belonging to the Russian side about the issue.
In response, Foreign Minister Ravurofu, with respect to the territorial issue, ① will not artificially delay the resolution, ② of international law and must be based on the results of two World War, ③ the Prime Minister to President Putin, Medvedev also, there is political will to seek a solution acceptable to both, ④ stated to expect that ended in an emotional exchange was seen briefly in the talks both sides.
(C) As a result, the Minister Okada, Japan-Russia relations is more abundant, but the original should be involved, hence there is a territorial dispute that the real relationship of trust and 深Maranai exchanges between Japan and Russia The regrettable fact said, and should discuss the issue of the attribution of the island is now 4, President Medvedev, Prime Minister Vladimir Putin, should aim to move forward without missing a prime opportunity to have all the faces that Hatoyama, so strong among foreign ministers stated and would like to discuss.
(2) initiation of a dialogue towards peace and stability in Russia in Afghanistan
Ministers, to address the threat of terrorism, to support nation-building in Afghanistan, it is important that cooperative efforts by neighboring countries to begin a dialogue for peace and stability in Afghanistan between Russia match.
(3) political dialogue in the future
Japan-Russia Strategic Dialogue (Vice Minister level) early next year we agreed to hold.
(4) the international situation
(B) with regard to North Korea, Foreign Minister Ravurofu, have seen recent signs of softening in the North showed that in view of the idea of dialogue could be resumed soon. The abduction issue, said that there was a clear understanding of the position of the Japanese side.
(B) regarding Iran's nuclear issue, Foreign Minister Ravurofu, the effectiveness of sanctions when they saw a dim future, depending on the response of Iran, and there will be additional discussions about the UN sanctions If the remarks had the effect that Russia is willing to even discuss.
Two. Naruishukin presidential meeting with the minister (13:20 to 14:00)
(1) from the Secretary Naruishukin, "Hatoyama administration and holding hands, want to be a major step forward in relations between Russia Hatoyama administration" had a message to the Prime Minister Hatoyama said. In addition, Rubin said, but it has been an intensive dialogue among leaders this year, which shows the importance of meaningful strategic relationship with Russia, and had said.
(2) from the Minister Okada, Hatoyama during a recent courtesy call on Prime Minister Naruishukin, pointed out that in relation to public opinion in Russia is difficult, the late Mr. Solzhenitsyn (Note) in his book "Among the ruins of Russia" in the in the introduction that will appeal to Russia's interests to resolve the territorial dispute with Japan in the east to get a friend of Russia, delivered personally to the Commissioner of Naruishukin Appendix for reference. Also said the right to convey to President Medvedev.
(Note) widely known as a patriot of Russia. He quoted the words of political repression during Stalin criticized recently by President Medvedev.
(3) from the Minister Okada, the two leaders have a mind is a powerful desire to resolve the territorial dispute in their own generation, as well as a solid effort to give effect to achieve these feelings, in order to accelerate the negotiations The effect should be pointed out that the leadership of the two leaders. In response, Secretary Naruishukin is not stated and should accelerate the work of all officials of the territorial dispute.
(Appendix)
Solzhenitsyn's work "among the ruins of Russia" (1998) in describing the relationship between Japan and Russia (excerpt)
"Our government is relieved, the South Kuril Islands (Kuril Islands), the issue has taken a consistent stance. This attitude, however, too stupid, which is inexcusable. The Russian recklessly transferred to Ukraine and Kazakhstan in dozens of states are vast, from the late 80's in my administration has 取Ri入Tsu stage of international politics in the United States. Yet, like other exceptional cases from bigotry and arrogance of patriotism and ESSEY that the return of the Kuril Islands to Japan has refused to come. that Russia had to belong to these islands and was once the ownership of the pre-revolutionary Russia was also claimed that once (Gorovunin captain in the early 19th century, the 1855 Admiral Putyatin was recognized borders are currently claimed by Japan. 1904 attacks in Japan last year, when the domestic game from the interference of Russia's excuse was that he had an injury, which was signed in 1941 expires five years was "neutral" to break the treaty that Japan attacked the Soviet Union, the contempt exactly Should we even arguing with). As if Russia's future is at stake, keep a 抱Ekon these islands. To request the return of these islands are Japan's land is a narrow, national honor, Wei
Because M is related to a major problem. The problem is far beyond the issue of fishery resources in the area. Good agreement was signed a fishery resource issues. In the coming century, could not find a friend to the west and south of Russia, if you will ever feel uncomfortable, good-neighborly relations can be considered fully realized this, and even friendly relations 斥Keru There is no reason for anything. "
Contribute a better translation
No comments:
Post a Comment