Wednesday, April 20, 2011

Apr 16 CVE-2011-0611 DOC urgent files from

Common Vulnerabilities and Exposures (CVE) number

CVE-2011-0611 -- Adobe Flash Player and earlier for Windows, Macintosh, Linux, and Solaris; and earlier for Chrome; and and earlier for Android; Adobe AIR 2.6.19120 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.3 and 10.x through 10.0.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, related to a size inconsistency in a "group of included constants," object type confusion, and Date objects, as demonstrated by a .swf file embedded in a Microsoft Word document, and as exploited in the wild in April 2011.

  General File Information

File network as Army's future in wars.doc
MD5: 0a494df9c8fb686255636b31f262e235
SHA1: 3de2a13e52f8098cdc7c912fc22e5bfcb196d7c2
File size: 212496 bytes
Type: DOC
Distribution: Email attachment


Original Message

 From: Bakshi Singh []
Sent: Saturday, April 16, 2011 11:37 AM
Subject: urgent files

Dear Sir

    Please see the attachment.

Message Headers

Received: (qmail 16671 invoked from network); 16 Apr 2011 15:37:10 -0000
Received: from (HELO (
  by XXXXXXXXXXXXXXXXX; 16 Apr 2011 15:37:10 -0000
Received: from [] by with NNFMP; 16 Apr 2011 15:37:10 -0000
Received: from [] by with NNFMP; 16 Apr 2011 15:37:09 -0000
Received: from [] by with NNFMP; 16 Apr 2011 15:37:09 -0000
X-Yahoo-Newman-Property: ymail-3
Received: (qmail 48206 invoked by uid 60001); 16 Apr 2011 15:37:09 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=s1024; t=1302968229; bh=G/S+IFfMT1wgdMVD9PPJqEbMkDZqjSYfT4bVrOKyOo8=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=6hs0a2gJTZEOeKua3TK8V1BtaEMEJL6k+hb7agGlxdP5vpp05owIZXVHgbRj6QWSVyBfNKNJXCnrMIrwLFo9PbOClhkPv/BEHU6iOkKYMMyER1lOIUXnpeKmQM5xN0z/iSkROfG7zJxFEKxbm0yDs6rZrPkVvQgxk4Aoa8EsdrY=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
X-YMail-OSG: WVdB7ysVM1lVHWm8qG.4RQoF8wHB4NGcAS3Qk1L4N3PyiFj
Received: from [] by via HTTP; Sat, 16 Apr 2011 08:37:09 PDT
X-Mailer: YahooMailClassic/12.0.2 YahooMailWebService/
Date: Sat, 16 Apr 2011 08:37:09 -0700
From: Bakshi Singh
Subject: urgent files
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-2071408101-1302968229=:48041"

ISP:    ITC Deltacom
Organization:    People and Logistic America
  State/Region:    Florida
City:    Miami

 Host names sharing IP with A records (3)
Incoming mail for is handled by one mail server at has one IP number ( and point to the same IP. use this as a mail server. is a domain controlled by three name servers at Two of them are on the same IP network. The primary name server is has one IP number (
More information is hosted on a server in United States.
It is blacklisted in one list. Search for


Automated Scans

Antivirus Version Last update Result
AhnLab-V3 2011.04.18.00 2011.04.17 Dropper/Cve-2011-0611
Avast 4.8.1351.0 2011.04.17 SWF:CVE-2011-0609-C
Avast5 5.0.677.0 2011.04.17 SWF:CVE-2011-0609-C
Commtouch 2011.04.17 MSWord/Dropper.B!Camelot
DrWeb 2011.04.18 Exploit.Wordbo.12
Emsisoft 2011.04.17 Exploit.SWF.CVE-2011!IK
eTrust-Vet 36.1.8274 2011.04.15 W97M/CVE-2011-0611!dropper
Fortinet 2011.04.17 MSWord/SWF.A!exploit.CVE20110611
GData 22 2011.04.17 SWF:CVE-2011-0609-C
Ikarus T3. 2011.04.17 Exploit.SWF.CVE-2011
McAfee 5.400.0.1158 2011.04.18 Exploit-CVE2011-0611
McAfee-GW-Edition 2010.1D 2011.04.17 Exploit-CVE2011-0611
Microsoft 1.6702 2011.04.17 Exploit:SWF/CVE-2011-0611.A
Sophos 4.64.0 2011.04.17 Troj/DocDrp-A
Symantec 20101.3.2.89 2011.04.18 Trojan.Dropper
TrendMicro 2011.04.17 TROJ_MDROP.SMJ
TrendMicro-HouseCall 2011.04.18 TROJ_MDROP.SMJ
MD5: 0a494df9c8fb686255636b31f262e235
SHA1: 3de2a13e52f8098cdc7c912fc22e5bfcb196d7c2
SHA256: b5a51fa855a995e3ec39bd2893e8109cbc8578d313d907339420d4a56745ec6a
File size: 212496 bytes
Scan date: 2011-04-17 23:53:11 (UTC)
