Clicky

Pages

Wednesday, April 20, 2011

Apr 16 CVE-2011-0611 DOC urgent files from 97.66.14.11

Common Vulnerabilities and Exposures (CVE)number

CVE-2011-0611 -- Adobe Flash Player 10.2.153.1 and earlier for Windows, Macintosh, Linux, and Solaris; 10.2.154.25 and earlier for Chrome; and 10.2.156.12 and earlier for Android; Adobe AIR 2.6.19120 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.3 and 10.x through 10.0.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, related to a size inconsistency in a "group of included constants," object type confusion, and Date objects, as demonstrated by a .swf file embedded in a Microsoft Word document, and as exploited in the wild in April 2011.

  General File Information

File network as Army's future in wars.docMD5: 0a494df9c8fb686255636b31f262e235
SHA1: 3de2a13e52f8098cdc7c912fc22e5bfcb196d7c2
File size :
212496 bytesType:  DOC
Distribution: Email attachment

Download


Original Message

 From: Bakshi Singh [mailto:afsc1974@yahoo.com]
Sent: Saturday, April 16, 2011 11:37 AM
To: XXXXXXXX
Subject: urgent files

Dear Sir

    Please see the attachment.

Message Headers


Received: (qmail 16671 invoked from network); 16 Apr 2011 15:37:10 -0000
Received: from nm4-vm0.bullet.mail.ne1.yahoo.com (HELO nm4-vm0.bullet.mail.ne1.yahoo.com) (98.138.90.253)
  by XXXXXXXXXXXXXXXXX; 16 Apr 2011 15:37:10 -0000
Received: from [98.138.90.55] by nm4.bullet.mail.ne1.yahoo.com with NNFMP; 16 Apr 2011 15:37:10 -0000
Received: from [98.138.88.234] by tm8.bullet.mail.ne1.yahoo.com with NNFMP; 16 Apr 2011 15:37:09 -0000
Received: from [127.0.0.1] by omp1034.mail.ne1.yahoo.com with NNFMP; 16 Apr 2011 15:37:09 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 944119.31939.bm@omp1034.mail.ne1.yahoo.com
Received: (qmail 48206 invoked by uid 60001); 16 Apr 2011 15:37:09 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1302968229; bh=G/S+IFfMT1wgdMVD9PPJqEbMkDZqjSYfT4bVrOKyOo8=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=6hs0a2gJTZEOeKua3TK8V1BtaEMEJL6k+hb7agGlxdP5vpp05owIZXVHgbRj6QWSVyBfNKNJXCnrMIrwLFo9PbOClhkPv/BEHU6iOkKYMMyER1lOIUXnpeKmQM5xN0z/iSkROfG7zJxFEKxbm0yDs6rZrPkVvQgxk4Aoa8EsdrY=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
  b=DM0aefGO9mQaau0nuVn+gC6e+/T7X2oygo5IXibHOlS6SefqrUnxEiBsVBRgWKJne+TNwt84kJMF+0f4pgxdeq6Q/6TQOUAVOxzZqZ69QSq8tpMKIwoGZUzAdXdq9KBJwtDXqIrQVQ5foU1C4zEmVToyYB47rpul4GUOkVl0qgA=;
Message-ID:  711399.48041.qm@web121416.mail.ne1.yahoo.com
X-YMail-OSG: WVdB7ysVM1lVHWm8qG.4RQoF8wHB4NGcAS3Qk1L4N3PyiFj
 W1guOqzPdboHZ2x40bc4YqVCpkNMbOGQpglHmQJOJbhL3.9YXbC_Vamd93AH
 jmapKGH_9Jd716KBomMt7JJnwtjn6DYeqVSN3GmPVr_fpgcMVWyujjTCUcdi
 .JBBTvJHAshsHtrw81GLY5dI5gha6S7FOriZLSPK1j2zTSqBQTtmQmqGku7K
 YFy_O5rCmJu.lsOD_r2suNJ7WvhcKd3MJCLIlQ3wBaOfcTjifTAsAbt440iJ
 zkwtgwqf3SO5br.o.vuP3v1t_zP4n_9LIwjjquwgScU9nP6TgzTif_bLiS0z
 H.VUIsXFLbQcbhvtqlA--
Received: from [97.66.14.11] by web121416.mail.ne1.yahoo.com via HTTP; Sat, 16 Apr 2011 08:37:09 PDT
X-Mailer: YahooMailClassic/12.0.2 YahooMailWebService/0.8.109.295617
Date: Sat, 16 Apr 2011 08:37:09 -0700
From: Bakshi Singh
Subject: urgent files
To: XXXXXXXXXXX
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-2071408101-1302968229=:48041"



Sender

97.66.14.11
 Hostname:    97.66.14.11
ISP:    ITC Deltacom
Organization:    People and Logistic America
  State/Region:    Florida
City:    Miami

 Host names sharing IP with A records (3)
http://www.robtex.com/ip/97.66.14.11.html
ftp.google.zyns.com
google.zyns.com
www.google.zyns.com
google.zyns.com
Incoming mail for google.zyns.com is handled by one mail server at zyns.com. google.zyns.com has one IP number (97.66.14.11).
Ftp.google.zyns.com and www.google.zyns.com point to the same IP. Google.zyns.com use this as a mail server.
zyns.com

    Zyns.com is a domain controlled by three name servers at changeip.org. Two of them are on the same IP network. The primary name server is ns3.changeip.org. zyns.com has one IP number (204.16.173.30).
More information
google.zyns.com is hosted on a server in United States.
It is blacklisted in one list. Search for zyns.com.

 



Automated Scans

Antivirus Version Last update Result
AhnLab-V3 2011.04.18.00 2011.04.17 Dropper/Cve-2011-0611
Avast 4.8.1351.0 2011.04.17 SWF:CVE-2011-0609-C
Avast5 5.0.677.0 2011.04.17 SWF:CVE-2011-0609-C
Commtouch 5.2.11.5 2011.04.17 MSWord/Dropper.B!Camelot
DrWeb 5.0.2.03300 2011.04.18 Exploit.Wordbo.12
Emsisoft 5.1.0.5 2011.04.17 Exploit.SWF.CVE-2011!IK
eTrust-Vet 36.1.8274 2011.04.15 W97M/CVE-2011-0611!dropper
Fortinet 4.2.257.0 2011.04.17 MSWord/SWF.A!exploit.CVE20110611
GData 22 2011.04.17 SWF:CVE-2011-0609-C
Ikarus T3.1.1.103.0 2011.04.17 Exploit.SWF.CVE-2011
McAfee 5.400.0.1158 2011.04.18 Exploit-CVE2011-0611
McAfee-GW-Edition 2010.1D 2011.04.17 Exploit-CVE2011-0611
Microsoft 1.6702 2011.04.17 Exploit:SWF/CVE-2011-0611.A
Sophos 4.64.0 2011.04.17 Troj/DocDrp-A
Symantec 20101.3.2.89 2011.04.18 Trojan.Dropper
TrendMicro 9.200.0.1012 2011.04.17 TROJ_MDROP.SMJ
TrendMicro-HouseCall 9.200.0.1012 2011.04.18 TROJ_MDROP.SMJ
MD5: 0a494df9c8fb686255636b31f262e235
SHA1: 3de2a13e52f8098cdc7c912fc22e5bfcb196d7c2
SHA256: b5a51fa855a995e3ec39bd2893e8109cbc8578d313d907339420d4a56745ec6a
File size: 212496 bytes
Scan date: 2011-04-17 23:53:11 (UTC)

No comments:

Post a Comment