Download CVE-2009-4324 samples (password-protected archives; use the same password you used on the samples above or contact me for the password)
The message sender was nytimes2010@hotmail.com
The message originating IP was 65.55.34.86
The message recipients were XXXX@XXXXX.XXX
The message was titled [NYTimes.com]Large Oil Spill Reported in China
The message date was Tue, 5 Jan 2010 04:58:37 +0000
The message identifier was
The virus or unauthorised code identified in the email is: Bloodhound.Exploit.288
From: TYTimes News [mailto:nytimes2010@hotmail.com]
Sent: Monday, January 04, 2010 11:07 PM
To: XXXXX@XXXX.XXX
Subject: [NYTimes.com]Large Oil Spill Reported in China
By DAVID BARBOZA
Published: January 5, 2010
SHANGHAI — A large oil spill in northwest China has heavily polluted a tributary of the Yellow River, and threatens to reach one of the country’s longest and most important sources of water.
China’s state-run news media said late Saturday that a “large amount” of diesel oil had leaked out of a pipeline last Thursday in Shaanxi Province.
......
• NYTIMES.COM
• For general help questions, please send us an e-mail using this form.
• Comments or feedback about our Web site? Please send us an e-mail using this form.
• For a possible correction, or to reach the Web site's editorial staff, you can send an e-mail.
• For questions about posting comments on the site, there is an FAQ.
• To reach Martin Nisenholtz, the Sr. V.P. of Digital Operations, you can send an e-mail.
________________________________________
Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail you.
Headers:
Received: from COL121-W20 ([65.55.34.72]) by col0-omc2-s2.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 4 Jan 2010 20:06:52 -0800
Message-ID:
Return-Path: nytimes2010@hotmail.com
Content-Type: multipart/mixed;
boundary="_317eba42-29a2-4d57-90e4-2a410f9bfc32_"
X-Originating-IP: [211.186.243.21]
From: TYTimes News
To: XXXXXXXXXXXXXXXXXXX
Subject: [NYTimes.com]Large Oil Spill Reported in China
Date: Tue, 5 Jan 2010 04:06:52 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 05 Jan 2010 04:06:52.0743 (UTC) FILETIME=[832A3570:01CA8DBC]
Hostname: 211.186.243.21
ISP: KRNIC
Organization: Hanaro Telecom, Inc.
Country: Korea, Republic of
City: Seoul
Result: 8/41 (19.52%)
AhnLab-V3 5.0.0.2 2010.01.05 PDF/CVE-2009-4324
BitDefender 7.2 2010.01.05 Exploit.PDF-JS.Gen
F-Secure 9.0.15370.0 2010.01.05 Exploit.PDF-JS.Gen
GData 19 2010.01.05 Exploit.PDF-JS.Gen
Kaspersky 7.0.0.125 2010.01.05 Exploit.JS.Pdfka.ayb
Sophos 4.49.0 2010.01.05 Troj/PDFJs-B
Symantec 20091.2.0.41 2010.01.05 Bloodhound.Exploit.288
TrendMicro 9.120.0.1004 2010.01.05 TROJ_PIDIEF.SMC
Additional information
File size: 952205 bytes
MD5: 490be4598299ca1dc27e9a04351c22ba
MD5 490be4598299ca1dc27e9a04351c22ba
Analysis Started 2010-01-04 22:40:28
Report Generated 2010-01-04 22:40:33
Jsand 1.03.02 malicious
doc.media.newPlayer: Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2 (CVE-2009-4324)