contagio: Apr 21 CVE-2011-0611 PDF - SWF Data requirements.pdf from williams.jennifer16@yahoo.com 65.49.2.181

Thursday, April 21, 2011

Apr 21 CVE-2011-0611 PDF - SWF Data requirements.pdf from williams.jennifer16@yahoo.com 65.49.2.181

Common Vulnerabilities and Exposures (CVE)number

CVE-2011-0611 -- Adobe Flash Player 10.2.153.1 and earlier for Windows, Macintosh, Linux, and Solaris; 10.2.154.25 and earlier for Chrome; and 10.2.156.12 and earlier for Android; Adobe AIR 2.6.19120 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.3 and 10.x through 10.0.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, related to a size inconsistency in a "group of included constants," object type confusion, and Date objects, as demonstrated by a .swf file embedded in a Microsoft Word document, and as exploited in the wild in April 2011.

General File Information

File Name Data requirements.pdf

MD5: 0d3584985627fa1c7b39c8cc8a870e58
SHA1: 3a29e57930bbfe4467b037c12e1f11a032e43420
SHA256: 773afdbd5a52aa2685857ccece94c2920e3bd9b74b2a2cfed86befc61b3b9dec
File size: 44073 bytes

File Type: PDF

Distribution: Email attachment

Download

Download -0d3584985627fa1c7b39c8cc8a870e58- as a password protected archive (contact me if you need the password)

Original Message

From: Jennifer Williams [mailto:williams.jennifer16@yahoo.com]
Sent: Thursday, April 21, 2011 10:05 AM
To: XXXXXX
Subject: Initialization

The attachment is only an initialization,some amendment should be made. Please give us some advice.

read more...

Message Headers

Received: (qmail 30851 invoked from network); 21 Apr 2011 14:04:34 -0000
Received: from nm21-vm2.bullet.mail.ne1.yahoo.com (HELO nm21-vm2.bullet.mail.ne1.yahoo.com) (98.138.91.209)
by XXXXXXXXXX 21 Apr 2011 14:04:34 -0000
Received: from [98.138.90.48] by nm21.bullet.mail.ne1.yahoo.com with NNFMP; 21 Apr 2011 14:04:35 -0000
Received: from [98.138.88.238] by tm1.bullet.mail.ne1.yahoo.com with NNFMP; 21 Apr 2011 14:04:34 -0000
Received: from [127.0.0.1] by omp1038.mail.ne1.yahoo.com with NNFMP; 21 Apr 2011 14:04:34 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 969874.96876.bm@omp1038.mail.ne1.yahoo.com
Received: (qmail 45108 invoked by uid 60001); 21 Apr 2011 14:04:34 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1303394674; bh=mWPFlhOqEevxD/USutv1mQ0yWR6RWNWW+bj7tayT2tI=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=ZSmVoUPCv4DlwBa5TkwMqFGuLdrYVIiM2QFpZTBqj7XDj4FpP5+osc0cIylTRJVMyvhI83rzSO7cBdppgYNafTIuopPjVaYK6i/1LwrJ4ujs7lsf9t2tGpKPA8/OtXwJl5mBu9HLd9mbtuyIYupgMrRl4RnomJrJPOMMDIVIZHs=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=Rb4GX1f/wGxRfbUv7BTAdUe/Jf05+hzjgWS9fWw1RzX+kXGEXF+oxShvxJJAx4LlzAEgP/CQ1gEB7Hhcg68SRx4w42DS/ommYViXAkP/6PUaMAIfYwwL4dPHFgvChFBZfcjVlMsRyN/xxb7Vj59FyMvrTvToNfqXrIbZ56+k6Qs=;
Message-ID: <876619.45077.qm@web121812.mail.ne1.yahoo.com>
X-YMail-OSG: 4HbWER8VM1nizqgbE3Lfcrusmqfyo_nIePs2QevnpfjJVPl
7.78dTRilSQrhDkPEoXmbWQsrfCkFTHTfBceE1_n1DljmJJxy2U7tz6TZatV
yIBe6CkT3rOek5RkZ0DCU3MGbxfxrMxp5llRs93ZEihOkDttJRH6cFb0aL_K
TJYV1YUQhe1M9IxMAWb0YsRvYlBOXVbbJ5P5JWVHZ_bgPc2_.mwlCNfaFdNX
grA.G9VGbo_z8VAx4sqQ0asXcBN5_n7xcqCSTZacOgh4I.wXZu6qIOZP6RLe
IJXS7uVejprUoEmie2zXZEGZJ0rNT7UaHlcOA1ZTS39ePIIKYnz2PT8yM
Received: from [65.49.2.181] by web121812.mail.ne1.yahoo.com via HTTP; Thu, 21 Apr 2011 07:04:34 PDT
X-Mailer: YahooMailRC/559 YahooMailWebService/0.8.110.299900
Date: Thu, 21 Apr 2011 07:04:34 -0700
From: Jennifer Williams
Subject: Initialization
To: XXXXXXXXXXXXXXXXXXXXXXX
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-2141358634-1303394674=:45077"

Sender

Hostname:   65.49.2.18
ISP:   Hurricane Electric
Organization:   Sophidea
Proxy:   Confirmed proxy server.
Type:   Corporate
Assignment:   Static IP
Country:   Anonymous Proxy

Automated Scans

Data requirements.pdf

http://www.virustotal.com/file-scan/report.html?id=773afdbd5a52aa2685857ccece94c2920e3bd9b74b2a2cfed86befc61b3b9dec-1303404314#

Antivirus	Version	Last update	Result
AhnLab-V3	2011.04.22.00	2011.04.21	SWF/Exploit
AntiVir	7.11.6.226	2011.04.21	EXP/CVE-2011-0611.A
Antiy-AVL	2.0.3.7	2011.04.21	-
Avast	4.8.1351.0	2011.04.21	JS:Pdfka-gen
Avast5	5.0.677.0	2011.04.21	JS:Pdfka-gen
BitDefender	7.2	2011.04.21	Gen:Trojan.Heur.LP.au8@ayxkO6ob
CAT-QuickHeal	11.00	2011.04.21	-
ClamAV	0.97.0.0	2011.04.21	-
Commtouch	5.3.2.6	2011.04.21	-
Comodo	8424	2011.04.21	-
DrWeb	5.0.2.03300	2011.04.21	-
Emsisoft	5.1.0.5	2011.04.21	-
eSafe	7.0.17.0	2011.04.20	-
eTrust-Vet	36.1.8283	2011.04.21	-
F-Prot	4.6.2.117	2011.04.21	-
F-Secure	9.0.16440.0	2011.04.21	Gen:Trojan.Heur.LP.au8@ayxkO6ob
Fortinet	4.2.257.0	2011.04.21	-
GData	22	2011.04.21	Gen:Trojan.Heur.LP.au8@ayxkO6ob
Ikarus	T3.1.1.103.0	2011.04.21	-
Jiangmin	13.0.900	2011.04.21	-
K7AntiVirus	9.97.4451	2011.04.21	-
Kaspersky	7.0.0.125	2011.04.21	Exploit.SWF.CVE-2011-0611.c
McAfee	5.400.0.1158	2011.04.21	-
McAfee-GW-Edition	2010.1D	2011.04.21	Heuristic.BehavesLike.Exploit.PDF.CodeExec.FFOO
Microsoft	1.6802	2011.04.21	-
NOD32	6061	2011.04.21	PDF/Exploit.Gen
Norman	6.07.07	2011.04.21	-
Panda	10.0.3.5	2011.04.21	Exploit/PDF.Gen.B
PCTools	7.0.3.5	2011.04.20	-
Prevx	3.0	2011.04.21	-
Rising	23.54.03.06	2011.04.21	-
Sophos	4.64.0	2011.04.21	-
SUPERAntiSpyware	4.40.0.1006	2011.04.21	-
Symantec	20101.3.2.89	2011.04.21	-
TheHacker	6.7.0.1.180	2011.04.21	-
TrendMicro	9.200.0.1012	2011.04.21	-
TrendMicro-HouseCall	9.200.0.1012	2011.04.21	-
VBA32	3.12.16.0	2011.04.21	-
VIPRE	9077	2011.04.21	-
ViRobot	2011.4.21.4422	2011.04.21	-
VirusBuster	13.6.315.0	2011.04.21	-

MD5: 0d3584985627fa1c7b39c8cc8a870e58

SHA1: 3a29e57930bbfe4467b037c12e1f11a032e43420

SHA256: 773afdbd5a52aa2685857ccece94c2920e3bd9b74b2a2cfed86befc61b3b9dec

File size: 44073 bytes

Scan date: 2011-04-21 16:45:14 (UTC)

Pages