Bugix Security has a goodbreak down on the exploit, it uses of two SWF files embedded in an XLS
Filename: crsenvironscan.xlsThe first SWF provide a heap spray and sets up memory....the second SWF is loaded and appear to trigger the bug (possible vuln in the way Flash Player parser)
MD5 Hash: 4BB64C1DA2F73DA11F331A96D55D63E2
The dropped EXE is encrypted….
Filename: a.exeAccording to VT, the dropped malware has zero AV detection as of 3/15/11 14:46 GMT
Size: 46,048 bytes
MD5 Hash: 1e09970c9bf2ca08ee48f8b2e24f6c44