Common Vulnerabilities and Exposures (CVE) number
CVE-2011-0611 -- Adobe Flash Player 10.2.153.1 and earlier for Windows, Macintosh, Linux, and Solaris; 10.2.154.25 and earlier for Chrome; and 10.2.156.12 and earlier for Android; Adobe AIR 2.6.19120 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.3 and 10.x through 10.0.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, related to a size inconsistency in a "group of included constants," object type confusion, and Date objects, as demonstrated by a .swf file embedded in a Microsoft Word document, and as exploited in the wild in April 2011.
General File Information
File: network as Army's future in wars.doc
MD5: 0a494df9c8fb686255636b31f262e235
SHA1: 3de2a13e52f8098cdc7c912fc22e5bfcb196d7c2
File size: 212496 bytes
Type: DOC
Distribution: Email attachment
Original Message
From: Bakshi Singh [mailto:afsc1974@yahoo.com]
Sent: Saturday, April 16, 2011 11:37 AM
To: XXXXXXXX
Subject: urgent files
Dear Sir
Please see the attachment.
Message Headers
Received: (qmail 16671 invoked from network); 16 Apr 2011 15:37:10 -0000
Received: from nm4-vm0.bullet.mail.ne1.yahoo.com (HELO nm4-vm0.bullet.mail.ne1.yahoo.com) (98.138.90.253)
by XXXXXXXXXXXXXXXXX; 16 Apr 2011 15:37:10 -0000
Received: from [98.138.90.55] by nm4.bullet.mail.ne1.yahoo.com with NNFMP; 16 Apr 2011 15:37:10 -0000
Received: from [98.138.88.234] by tm8.bullet.mail.ne1.yahoo.com with NNFMP; 16 Apr 2011 15:37:09 -0000
Received: from [127.0.0.1] by omp1034.mail.ne1.yahoo.com with NNFMP; 16 Apr 2011 15:37:09 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 944119.31939.bm@omp1034.mail.ne1.yahoo.com
Received: (qmail 48206 invoked by uid 60001); 16 Apr 2011 15:37:09 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1302968229; bh=G/S+IFfMT1wgdMVD9PPJqEbMkDZqjSYfT4bVrOKyOo8=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=6hs0a2gJTZEOeKua3TK8V1BtaEMEJL6k+hb7agGlxdP5vpp05owIZXVHgbRj6QWSVyBfNKNJXCnrMIrwLFo9PbOClhkPv/BEHU6iOkKYMMyER1lOIUXnpeKmQM5xN0z/iSkROfG7zJxFEKxbm0yDs6rZrPkVvQgxk4Aoa8EsdrY=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=DM0aefGO9mQaau0nuVn+gC6e+/T7X2oygo5IXibHOlS6SefqrUnxEiBsVBRgWKJne+TNwt84kJMF+0f4pgxdeq6Q/6TQOUAVOxzZqZ69QSq8tpMKIwoGZUzAdXdq9KBJwtDXqIrQVQ5foU1C4zEmVToyYB47rpul4GUOkVl0qgA=;
Message-ID: 711399.48041.qm@web121416.mail.ne1.yahoo.com
X-YMail-OSG: WVdB7ysVM1lVHWm8qG.4RQoF8wHB4NGcAS3Qk1L4N3PyiFj
W1guOqzPdboHZ2x40bc4YqVCpkNMbOGQpglHmQJOJbhL3.9YXbC_Vamd93AH
jmapKGH_9Jd716KBomMt7JJnwtjn6DYeqVSN3GmPVr_fpgcMVWyujjTCUcdi
.JBBTvJHAshsHtrw81GLY5dI5gha6S7FOriZLSPK1j2zTSqBQTtmQmqGku7K
YFy_O5rCmJu.lsOD_r2suNJ7WvhcKd3MJCLIlQ3wBaOfcTjifTAsAbt440iJ
zkwtgwqf3SO5br.o.vuP3v1t_zP4n_9LIwjjquwgScU9nP6TgzTif_bLiS0z
H.VUIsXFLbQcbhvtqlA--
Received: from [97.66.14.11] by web121416.mail.ne1.yahoo.com via HTTP; Sat, 16 Apr 2011 08:37:09 PDT
X-Mailer: YahooMailClassic/12.0.2 YahooMailWebService/0.8.109.295617
Date: Sat, 16 Apr 2011 08:37:09 -0700
From: Bakshi Singh
Subject: urgent files
To: XXXXXXXXXXX
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-2071408101-1302968229=:48041"
Sender
97.66.14.11
Hostname: 97.66.14.11
ISP: ITC Deltacom
Organization: People and Logistic America
State/Region: Florida
City: Miami
Host names sharing IP with A records (3)
http://www.robtex.com/ip/97.66.14.11.html
ftp.google.zyns.com
google.zyns.com
www.google.zyns.com
google.zyns.com
Incoming mail for google.zyns.com is handled by one mail server at zyns.com. google.zyns.com has one IP number (97.66.14.11).
Ftp.google.zyns.com and www.google.zyns.com point to the same IP. Google.zyns.com uses this as a mail server.
zyns.com
Zyns.com is a domain controlled by three name servers at changeip.org. Two of them are on the same IP network. The primary name server is ns3.changeip.org. zyns.com has one IP number (204.16.173.30).
More information
google.zyns.com is hosted on a server in United States.
It is blacklisted in one list.
Automated Scans
| Antivirus | Version | Last update | Result |
|---|---|---|---|
AhnLab-V3 | 2011.04.18.00 | 2011.04.17 | Dropper/Cve-2011-0611 |
Avast | 4.8.1351.0 | 2011.04.17 | SWF:CVE-2011-0609-C |
Avast5 | 5.0.677.0 | 2011.04.17 | SWF:CVE-2011-0609-C |
Commtouch | 5.2.11.5 | 2011.04.17 | MSWord/Dropper.B!Camelot |
DrWeb | 5.0.2.03300 | 2011.04.18 | Exploit.Wordbo.12 |
Emsisoft | 5.1.0.5 | 2011.04.17 | Exploit.SWF.CVE-2011!IK |
eTrust-Vet | 36.1.8274 | 2011.04.15 | W97M/CVE-2011-0611!dropper |
Fortinet | 4.2.257.0 | 2011.04.17 | MSWord/SWF.A!exploit.CVE20110611 |
GData | 22 | 2011.04.17 | SWF:CVE-2011-0609-C |
Ikarus | T3.1.1.103.0 | 2011.04.17 | Exploit.SWF.CVE-2011 |
McAfee | 5.400.0.1158 | 2011.04.18 | Exploit-CVE2011-0611 |
McAfee-GW-Edition | 2010.1D | 2011.04.17 | Exploit-CVE2011-0611 |
Microsoft | 1.6702 | 2011.04.17 | Exploit:SWF/CVE-2011-0611.A |
Sophos | 4.64.0 | 2011.04.17 | Troj/DocDrp-A |
Symantec | 20101.3.2.89 | 2011.04.18 | Trojan.Dropper |
TrendMicro | 9.200.0.1012 | 2011.04.17 | TROJ_MDROP.SMJ |
TrendMicro-HouseCall | 9.200.0.1012 | 2011.04.18 | TROJ_MDROP.SMJ |
MD5: 0a494df9c8fb686255636b31f262e235
SHA1: 3de2a13e52f8098cdc7c912fc22e5bfcb196d7c2
SHA256: b5a51fa855a995e3ec39bd2893e8109cbc8578d313d907339420d4a56745ec6a
File size: 212496 bytes
Scan date: 2011-04-17 23:53:11 (UTC)