Jan 28 CVE-2009-4324 PEER REVIEW--Assessing Chinese Military Transparency from phillip.saunders74@yahoo.com Thu, 28 Jan 2010 05:01:50 PST

• CVE-2009-4324 Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Download c603dffd233f4c00e0ec6ffe85e52110- PEER REVIEW--Assessing Chinese Military Transparency.pdf as a password protected archive (contact me if you need the password)

• Details: c603dffd233f4c00e0ec6ffe85e52110- PEER REVIEW--Assessing Chinese Military Transparency.pdf

From: Phillip Saunders [mailto:phillip.saunders74@yahoo.com]

Sent: Thursday, January 28, 2010 8:02 AM
To: XXXXXXXXXXXXXXX
Subject: PEER REVIEW--Assessing Chinese Military Transparency

Morning,

Attached is a draft study that develops a methodology for assessing and comparing transparency based on defense white papers, applies that methodology to assess changes in Chinese transparency over time, and compares the transparency evident in China's defense white paper with that of other Asia-Pacific white papers.

It is envisoned as both an analytical tool, but also something that might support a productive dialogue with China and other countries about transparency.

Comments about the methodology and substantive findings are welcome.

Phillip

Headers
Received: from [69.197.151.114] by web113701.mail.gq1.yahoo.com via HTTP; Thu, 28 Jan 2010 05:01:50 PST
X-Mailer: YahooMailRC/272.7 YahooMailWebService/0.8.100.260964
Date: Thu, 28 Jan 2010 05:01:50 -0800 (PST)
From: Phillip Saunders
Subject: PEER REVIEW--Assessing Chinese Military Transparency
To: XXXXXXXXXXXXXX
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-928444982-1264683710=:32069"

Lookup IP Address: 69.197.151.114
      Hostname:    server.gvd.tw
      ISP:    WholeSale Internet
      Organization:    Max Dmitry
      Country:    United States
      State/Region:    MO
      City:    Kansas City

Virustotal
http://www.virustotal.com/analisis/6d13a251750955cd6a8f3ac8f1c7e97ddc3abecb4b0be7ef396fcbeb43f196e6-1264737489

 File PEER_REVIEW--Assessing_Chinese_Mi received on 2010.01.29 03:58:09 (UTC)
Result: 7/40 (17.50%)
a-squared     4.5.0.50     2010.01.29     HTML.Malicious!IK
AntiVir     7.9.1.154     2010.01.28     HTML/Malicious.PDF.Gen
Avast     4.8.1351.0     2010.01.28     JS:Pdfka-gen
AVG     9.0.0.730     2010.01.28     Script/Exploit
Ikarus     T3.1.1.80.0     2010.01.29     HTML.Malicious
McAfee-GW-Edition     6.8.5     2010.01.28     Script.Malicious.PDF.Gen
Additional information
File size: 138030 bytes
MD5   : c603dffd233f4c00e0ec6ffe85e52110

Wepawet
http://wepawet.cs.ucsb.edu/view.php?hash=c603dffd233f4c00e0ec6ffe85e52110&type=js

Analysis report for PEER REVIEW--Assessing Chinese Military Transparency.pdf
File    PEER REVIEW--Assessing Chinese Military Transparency.pdf
MD5    c603dffd233f4c00e0ec6ffe85e52110
Analysis Started    2010-01-28 19:58:47
Report Generated    2010-01-29 01:47:56
Jsand 1.03.02    malicious
doc.media.newPlayer    Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2    CVE-2009-4324

ViCheck.ca
https://www.vicheck.ca/md5query.php?hash=c603dffd233f4c00e0ec6ffe85e52110
Exploit method detected as pdfexploit - PDF Exploit call to media.newPlayer CVE-2009-4324.
PDF Exploit suspicious use of util.printd CVE-2008-2992