- CVE-2009-4324 Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2, and possibly earlier versions, allows remote attackers to execute arbitrary code using ZLib compressed streams, as exploited in the wild in December 2009.
- CVE-2007-5659 Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
Our friends are back to work
-----Original Message-----
From: John Podesta [mailto:jpodesta@fastmail.fm]
Sent: 2010-01-25 8:26 AM
To: XXXXXXXXXXX
Subject: Senate Hearing
Colleague,
Please find a brief summary attached from the Senate Foreign Relations hearing on U.S. engagement in Asia. If you have any questions, let me know.
Best,
John
--
http://www.fastmail.fm - Does exactly what it says on the tin
Headers
Received: from web5.messagingengine.com ([10.202.2.214])
by compute2.internal (MEProxy); Mon, 25 Jan 2010 08:26:21 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:from:to:mime-version:content-transfer-encoding:content-type:subject:date; s=smtpout; bh=ng4E/QdtxV52NTUAT6gbX2Ew3F4=; b=E+0YqT6P96wnUiPL1KNReFQgdedM7m6qy+gJ9TmcrB5CXkmeEUkmXwXcdbosmxc718UjqekIHDjBLh7KmoKv7xMIwCbbc66R331JAEDidLAZPmsirzfyOibUOomr0UBbgZQPCBblE9CyDLpS+JeeQkn39Yr/2BAlL+C6EGqBxEY=
Received: by web5.messagingengine.com (Postfix, from userid 99)
id 4BBFC13C6D4; Mon, 25 Jan 2010 08:26:21 -0500 (EST)
Message-Id: <1264425981.3853.1356427399@webmail.messagingengine.com>
X-Sasl-Enc: 288Nt5DLYAY30Gwky/FEfHiS1HJH/n/PNyw8xtVHdQO/ 1264425981
From: "John Podesta" << fake
To: XXXXXXXXXXXXXX
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_126442598138531"
X-Mailer: MessagingEngine.com Webmail Interface
Subject: Senate Hearing
Disposition-Notification-To: "John Podesta"
Date: Mon, 25 Jan 2010 05:26:21 -0800
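The header block above is the evidence that the sender is spoofed: a display name of a real person attached to a free webmail address, a read-receipt request, and a multipart/mixed body carrying the PDF. The script below is an added example (not part of the original post) that pulls those indicators out of a raw message with Python's standard `email` module. The fixture reproduces the visible header lines with the DKIM hash and signature replaced by placeholders, the recipient redacted as on the page, and a tiny base64 PDF part added so there is an attachment to find; `KNOWN_SENDERS` is a hypothetical allow-list mapping a display name to the domains it is known to send from.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed fixture: the header lines shown in the post, with the DKIM
# hash/signature replaced by placeholders, the recipient redacted as on the
# page, and a minimal base64 PDF part added so the attachment walk has
# something to find. Not the original message.
RAW_MESSAGE = """\
Received: from web5.messagingengine.com ([10.202.2.214])
 by compute2.internal (MEProxy); Mon, 25 Jan 2010 08:26:21 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com;
 h=message-id:from:to:subject:date; s=smtpout; bh=PLACEHOLDER; b=PLACEHOLDER
From: "John Podesta" <jpodesta@fastmail.fm>
To: redacted@example.invalid
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_----------=_126442598138531"
X-Mailer: MessagingEngine.com Webmail Interface
Subject: Senate Hearing
Disposition-Notification-To: "John Podesta" <jpodesta@fastmail.fm>
Date: Mon, 25 Jan 2010 05:26:21 -0800

--_----------=_126442598138531
Content-Type: text/plain; charset=us-ascii

Colleague, please find a brief summary attached.
--_----------=_126442598138531
Content-Type: application/pdf; name="Principles of U.S. Engagement in Asia.pdf"
Content-Disposition: attachment; filename="Principles of U.S. Engagement in Asia.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--_----------=_126442598138531--
"""

# Hypothetical allow-list: the domains a display name is known to send from.
# In practice this comes from directory data or prior mail history.
KNOWN_SENDERS = {"john podesta": {"example.org"}}


def dkim_signing_domain(msg):
    """Return the d= tag of the DKIM-Signature header, or None if absent."""
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return m.group(1).lower() if m else None


def triage_headers(raw):
    """Extract sender, signing domain and attachments, and raise triage flags."""
    msg = message_from_string(raw)
    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    flags = []

    # A known person's name arriving from a domain they never use is the
    # classic display-name impersonation seen in this sample.
    expected = KNOWN_SENDERS.get(display_name.lower())
    if expected is not None and from_domain not in expected:
        flags.append("display-name impersonation: known name from unexpected domain")

    # A read receipt tells the sender the lure was opened.
    if msg.get("Disposition-Notification-To"):
        flags.append("read receipt requested")

    # Any part with a filename is an attachment; PDFs get called out by type.
    attachments = [p.get_filename() for p in msg.walk() if p.get_filename()]
    pdfs = [p.get_filename() for p in msg.walk()
            if p.get_filename() and p.get_content_type() == "application/pdf"]
    if pdfs:
        flags.append("PDF attachment present")

    return {
        "display_name": display_name,
        "from_domain": from_domain,
        "dkim_domain": dkim_signing_domain(msg),
        "attachments": attachments,
        "flags": flags,
    }


if __name__ == "__main__":
    for key, value in triage_headers(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```

The DKIM signing domain is reported but not flagged on its own: the signature only proves the message passed through that provider's outbound servers, which is exactly what a throwaway webmail account gives an attacker. The useful signal is the display name paired with a domain the real person does not use.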
Virustotal
http://www.virustotal.com/analisis/7d6062f6fcdc71fa731e4c19c085ad5f0ad9433538f55c03a45915ac5e4ff95e-1264440096
File Principles_of_U.S._Engagement_in_ received on 2010.01.25 17:21:36 (UTC)
Result: 4/40 (10.00%)
AntiVir 7.9.1.150 2010.01.25 HTML/Malicious.PDF.Gen
eSafe 7.0.17.0 2010.01.25 PDF.Exploit
McAfee-GW-Edition 6.8.5 2010.01.25 Script.Malicious.PDF.Gen
NOD32 4805 2010.01.25 PDF/Exploit.Gen
Additional information
File size: 148870 bytes
MD5 : f40376d0c1eb19a7774d32d6229d0465
Wepawet
http://wepawet.iseclab.org/view.php?hash=f40376d0c1eb19a7774d32d6229d0465&type=js
File Principles of U.S. Engagement in Asia.pdf
MD5 f40376d0c1eb19a7774d32d6229d0465
Analysis Started 2010-01-25 09:28:27
Report Generated 2010-01-25 09:29:33
Jsand 1.03.02 malicious
doc.media.newPlayer Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2 CVE-2009-4324
ViCheck.ca
https://www.vicheck.ca/md5query.php?hash=f40376d0c1eb19a7774d32d6229d0465
EXECUTABLE SCAN: Embedded Executable (xor/full)
REPORT: https://www.vicheck.ca/md5query.php?hash=f40376d0c1eb19a7774d32d6229d0465
Encrypted embedded executable with a key of 256 bytes.
Exploit method detected as pdfexploit - PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659.
Confidence ranking: 100 (14 hits).
PDF Exploit suspicious use of util.printd CVE-2008-2992 [util.printd]
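The scanners above all key on the same thing: JavaScript inside the PDF that calls `media.newPlayer`, `Collab.collectEmailInfo` or `util.printd`, with the script hidden in a zlib (FlateDecode) compressed stream. The following is an added example (not code from the post or from any of the scanning services) of the minimal check a triage script can run: find every `stream ... endstream` body, inflate it when it is zlib data, and look for the method names the CVE descriptions at the top of the post name. The sample PDF is a constructed fixture built in the script itself; the CVE-to-method mapping is taken from the page.

```python
import re
import zlib

# Constructed fixture: a minimal PDF-shaped byte string with one FlateDecode
# stream whose inflated JavaScript calls two of the methods the scanners
# flagged. It is a synthetic test input, not the sample from the post.
SAMPLE_JS = (b"var p = this.media.newPlayer(null); "
             b"util.printd('yyyy', new Date());")


def build_sample_pdf(js: bytes) -> bytes:
    """Wrap a JavaScript payload in a FlateDecode stream inside a PDF skeleton."""
    body = zlib.compress(js)
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Action /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Length " + str(len(body)).encode()
            + b" /Filter /FlateDecode >>\nstream\n" + body
            + b"\nendstream\nendobj\n%%EOF\n")


# Method names tied to the CVEs named on the page.
SUSPICIOUS_CALLS = {
    b"media.newPlayer": "CVE-2009-4324",
    b"Collab.collectEmailInfo": "CVE-2007-5659",
    b"util.printd": "CVE-2008-2992",
}

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def inflate_streams(pdf: bytes):
    """Yield each stream body, inflated when it is zlib data, raw otherwise.

    decompressobj returns whatever it can decode from a truncated stream
    instead of raising, which matters because exploit PDFs are often malformed.
    """
    for m in STREAM_RE.finditer(pdf):
        raw = m.group(1)
        try:
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw


def scan_pdf(pdf: bytes) -> dict:
    """Report whether the file carries JavaScript and which flagged calls appear,
    checking both the raw file and every inflated stream."""
    has_js = b"/JavaScript" in pdf or b"/JS" in pdf
    findings = {}
    for text in [pdf, *inflate_streams(pdf)]:
        for needle, cve in SUSPICIOUS_CALLS.items():
            if needle in text:
                findings[cve] = needle.decode()
    return {"has_javascript": has_js, "findings": findings}


if __name__ == "__main__":
    print(scan_pdf(build_sample_pdf(SAMPLE_JS)))
```

A string match like this is only a first pass: real samples obfuscate the method names (string splitting, `eval` of decoded text, hex escapes), which is why the services above run the script in an emulator rather than grepping. It is still worth having in a mail gateway because it is cheap and catches the unobfuscated cases outright.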