Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on October 08, 2009, 07:52:43 pm

Title: Adobe 0day again
Post by: SysAdMini on October 08, 2009, 07:52:43 pm
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
Title: Re: Adobe 0day again
Post by: SysAdMini on October 09, 2009, 10:59:09 pm
New Adobe Zero-Day Exploit
http://blog.trendmicro.com/new-adobe-zero-day-exploit/
Title: Re: Adobe 0day again
Post by: CM_MWR on October 11, 2009, 02:03:39 pm
66753CADCB8BD537AF50F2AE92D7627B
Title: Re: Adobe 0day again
Post by: SysAdMini on October 11, 2009, 02:06:43 pm
66753CADCB8BD537AF50F2AE92D7627B

I have tested this sample multiple times in VMWARE using AR 9.1.3. It didn't infect my machine.
AR sometimes crashed, nothing else.
Title: Re: Adobe 0day again
Post by: CM_MWR on October 11, 2009, 02:18:36 pm
So this means it doesn't work for everybody or just for you?

 ???

FFS, I wish I had a dollar for every time I jumped the gun like that!  :D
Title: Re: Adobe 0day again
Post by: SysAdMini on October 11, 2009, 02:36:24 pm
So this means it doesn't work for everybody or just for you?

 ???

Someone else reported that it worked in about 10-15 % of his tests.
Title: Re: Adobe 0day again
Post by: CM_MWR on October 11, 2009, 04:58:38 pm
I don't think we ever really kept count, I'd say 6 of 10 worked for the setup we had built based on target machines setup.
Title: Re: Adobe 0day again
Post by: SysAdMini on October 13, 2009, 07:34:22 pm
Latest PDF Zero Day Leads to Exploit Egg Hunt
http://www.avertlabs.com/research/blog/index.php/2009/10/13/latest-pdf-zero-day-leads-to-exploit-egg-hunt/
Title: Re: Adobe 0day again
Post by: SysAdMini on October 13, 2009, 09:43:27 pm
Update: PDFiD Version 0.0.9 to Detect Another Adobe 0Day
http://blog.didierstevens.com/2009/10/13/update-pdfid-version-0-0-9-to-detect-another-adobe-0day/

Quote
PDFiD is updated to detect the latest Adobe 0day, CVE-2009-3459.

I'll provide more details in an upcoming post, just know for now that PDFiD detects a /Colors name followed by a very big number (larger than 2^24 or 16777216).

(http://didierstevens.files.wordpress.com/2009/10/pdfid009.png?w=315&h=139)
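
The check described in the quote above, sketched as an added example (this is not PDFiD's code and not part of the thread): scan raw PDF bytes for a /Colors name followed by an integer larger than 2^24. It goes slightly beyond the quote by also decoding #xx hex escapes in names; the function names and sample byte strings are constructed for illustration.

```python
import re

THRESHOLD = 2 ** 24  # 16777216, the limit quoted in the post above

WS = rb"\x00\t\n\x0c\r "  # PDF whitespace characters
# A PDF name: "/" then regular characters; "#xx" hex escapes may replace any of them.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^" + WS + rb"/<>\[\]\(\)\{\}%#])+)")
# Optional whitespace, then an integer. Capped at 40 digits so int() stays cheap.
INT_RE = re.compile(rb"[" + WS + rb"]*([+-]?\d{1,40})")


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so that /C#6flors compares equal to /Colors."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def find_large_colors(data: bytes, threshold: int = THRESHOLD):
    """Return [(offset, value)] for every /Colors entry whose value exceeds threshold."""
    hits = []
    for m in NAME_RE.finditer(data):
        if decode_name(m.group(1)) != b"Colors":
            continue  # e.g. /ColorSpace or /Columns
        num = INT_RE.match(data, m.end())
        if num and int(num.group(1)) > threshold:
            hits.append((m.start(), int(num.group(1))))
    return hits


# Constructed sample dictionaries (not taken from any real file).
BENIGN = b"<< /Filter /FlateDecode /DecodeParms << /Predictor 2 /Colors 3 /Columns 64 >> >>"
AT_LIMIT = b"<< /DecodeParms << /Colors 16777216 >> >>"
SUSPICIOUS = b"<< /Filter /FlateDecode /DecodeParms << /Predictor 2 /Colors 16777217 >> >>"
OBFUSCATED = b"<</DecodeParms<</C#6flors\r\n33554432>>>>"

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("at limit", AT_LIMIT),
                        ("suspicious", SUSPICIOUS), ("obfuscated", OBFUSCATED)]:
        print(label, find_large_colors(blob))
```

This only inspects bytes that are visible in the file; a /Colors entry inside a compressed object stream would need to be decompressed first.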
Title: Re: Adobe 0day again
Post by: SysAdMini on October 14, 2009, 09:21:35 pm
Message from Didier Stevens on Twitter:

Quote
Not good! My PoC for CVE-2009-3459 still crashes Adobe Reader 9.2.0. Informed Adobe PSIRT