Update: Adobe released the patch yesterday, and I posted a few samples below. There were several campaigns with two variants:
1) unencrypted (some are not working - see explanation below)
2) AESV3 encrypted (try to use Origami to decrypt these). Each of the posted samples is marked by its 'type'.
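For sorting a folder of samples into the two variants listed above before choosing a decryption step, here is a small triage sketch; it is an added example, not code from the original post or from Origami. The names `classify_pdf` and `normalize_names` and the sample byte strings are constructed for illustration, and it assumes the trailer and encryption dictionary are readable in the raw file bytes.

```python
import re

# PDF names can hide characters behind #xx hex escapes (e.g. /#45ncrypt).
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# /Encrypt key in the trailer; the lookahead skips /EncryptMetadata.
_ENCRYPT_KEY = re.compile(rb"/Encrypt(?![A-Za-z0-9])")
# Crypt filter method inside the encryption dictionary, e.g. /CFM /AESV3.
_CFM_VALUE = re.compile(rb"/CFM\s*/([A-Za-z0-9]+)")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so obfuscated names match their plain spelling.

    Applied to the whole buffer, which is acceptable for triage only.
    """
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def classify_pdf(data: bytes) -> str:
    """Return 'not-pdf', 'unencrypted', 'AESV3' or 'encrypted-other:<methods>'."""
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    flat = normalize_names(data)
    if not _ENCRYPT_KEY.search(flat):
        return "unencrypted"
    methods = sorted({m.decode("ascii") for m in _CFM_VALUE.findall(flat)})
    if "AESV3" in methods:
        return "AESV3"
    return "encrypted-other:" + (",".join(methods) or "no-CFM")


# Constructed, harmless byte strings (not the posted samples).
PLAIN = b"%PDF-1.6\n1 0 obj\n<< /Type /Catalog >>\nendobj\n" \
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
AESV3 = b"%PDF-1.7\n5 0 obj\n<< /Filter /Standard /V 5 /R 5 /Length 256 " \
        b"/CF << /StdCF << /CFM /AESV3 /Length 32 >> >> /StmF /StdCF >>\n" \
        b"endobj\ntrailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n"
# Same structure with hex-escaped names, as an obfuscated file might use.
AESV3_ESCAPED = AESV3.replace(b"/Encrypt", b"/#45ncrypt") \
                     .replace(b"/AESV3", b"/AESV#33")
AESV2 = AESV3.replace(b"/AESV3", b"/AESV2")

if __name__ == "__main__":
    for name, blob in [("plain", PLAIN), ("aesv3", AESV3),
                       ("aesv3-escaped", AESV3_ESCAPED), ("aesv2", AESV2)]:
        print(f"{name:14} -> {classify_pdf(blob)}")
```

Run it only on files held in an isolated analysis environment; it reads bytes and never renders or executes the document.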
CVE-2011-2462: the new Adobe zero-day files come with the same payload we saw in the CVE-2010-3654 Adobe Flash Player zero-day vulnerability, the Sykipot trojan. It uses the same technique of injecting a DLL file into iexplore, firefox.exe, or outlook.exe and communicates with hXXps://www.prettylikeher.com/asp/kys_allow_get.asp?name=getkys.kys over HTTPS. Brandon Dixon from 9bplus.com posted a great initial analysis of the JavaScript and payload from a file with this exploit; I am just adding a few additional details.