CVE-2011-0609 - Adobe Flash Player ZeroDay

Found some additional information related to the Adobe Flash Player zero-day exploit and the malware it drops.

Bugix Security has a good breakdown of the exploit: it uses two SWF files embedded in an XLS.

Filename: crsenvironscan.xls
Size: 126,444 bytes
MD5 Hash: 4BB64C1DA2F73DA11F331A96D55D63E2
The first SWF performs a heap spray to set up memory; the second SWF is then loaded and appears to trigger the bug (possibly a vulnerability in the way Flash Player parses the file).

The dropped EXE is encrypted.

Filename: a.exe
Size: 46,048 bytes
MD5 Hash: 1e09970c9bf2ca08ee48f8b2e24f6c44
According to VirusTotal, the dropped malware had zero AV detections as of 3/15/11 14:46 GMT.
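Since the carrier is an XLS with two SWF files inside it, a quick triage check is to carve SWF headers (the FWS/CWS signature, version byte and declared length) out of any suspicious Office file and compare the file hash with the two MD5s above. The script below is an added example written for this post, not code from Bugix Security or from the original write-up. The two hashes are the ones listed here; the carrier bytes it scans are constructed inline (OLE2 magic, filler, and two minimal SWF containers with no exploit content), and the 256 MB size cap is an assumption used to reject junk matches.

```python
import hashlib
import re
import struct
import zlib

# Indicators copied from the post (MD5 hex, lowercased for lookup).
KNOWN_MD5 = {
    "4bb64c1da2f73da11f331a96d55d63e2": "crsenvironscan.xls (carrier XLS)",
    "1e09970c9bf2ca08ee48f8b2e24f6c44": "a.exe (dropped payload)",
}

# A SWF starts with a 3-byte signature ("FWS" = uncompressed, "CWS" = zlib-
# compressed body), a 1-byte version and a 4-byte little-endian length of the
# *uncompressed* file. Flash versions were well below 0x20 in 2011, so a larger
# "version" byte is treated as a false hit on the ASCII text FWS/CWS.
SWF_HEADER = re.compile(rb"(?:FWS|CWS)[\x00-\x20].{4}", re.DOTALL)
MAX_SWF_LEN = 256 * 1024 * 1024  # assumption: anything larger is not a real SWF


def carve_swf_headers(data: bytes) -> list:
    """Return one dict per plausible SWF header found anywhere in `data`."""
    hits = []
    for m in SWF_HEADER.finditer(data):
        off = m.start()
        compressed = data[off:off + 3] == b"CWS"
        version = data[off + 3]
        declared_len = struct.unpack("<I", data[off + 4:off + 8])[0]
        if declared_len < 8 or declared_len > MAX_SWF_LEN:
            continue
        if compressed:
            # Body must start a valid zlib stream; decompressing a prefix is
            # enough to reject random bytes that happen to spell "CWS".
            try:
                zlib.decompressobj().decompress(data[off + 8:off + 8 + 4096])
            except zlib.error:
                continue
        elif off + declared_len > len(data):
            # Uncompressed SWF: declared length is the on-disk length, so it
            # has to fit inside the carrier.
            continue
        hits.append({"offset": off, "compressed": compressed,
                     "version": version, "declared_len": declared_len})
    return hits


def lookup_ioc(md5_hex: str):
    """Map an MD5 (any case) to the sample name from the post, or None."""
    return KNOWN_MD5.get(md5_hex.lower())


def scan_carrier(data: bytes) -> dict:
    """Triage one file: hash match against the post's IOCs plus embedded-SWF carving."""
    md5 = hashlib.md5(data).hexdigest()
    swfs = carve_swf_headers(data)
    return {
        "md5": md5,
        "known_ioc": lookup_ioc(md5),
        "embedded_swf_count": len(swfs),
        "swfs": swfs,
        # A spreadsheet has no business containing a Flash movie.
        "suspicious": bool(swfs) or md5 in KNOWN_MD5,
    }


def make_swf(body: bytes, version: int = 10, compressed: bool = False) -> bytes:
    """Wrap `body` in a minimal SWF header. Test-data builder only, not an exploit."""
    header = (b"CWS" if compressed else b"FWS") + bytes([version])
    header += struct.pack("<I", 8 + len(body))
    return header + (zlib.compress(body) if compressed else body)


# Constructed stand-in for the carrier: OLE2 magic, filler, then two SWFs, the
# second one zlib-compressed. The body bytes are a typical SWF RECT frame-size
# field plus padding; they carry no exploit logic.
RECT = b"\x78\x00\x05\x5f\x00\x00\x0f\xa0\x00"
SAMPLE_CARRIER = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
    + b"Workbook" + b"\x00" * 16
    + make_swf(RECT + b"A" * 64, version=10)
    + b"FWSx\xff\xff\xff\xff"          # ASCII decoy: version byte 'x' fails the check
    + make_swf(RECT + b"B" * 200, version=10, compressed=True)
    + b"\x00" * 32
)

if __name__ == "__main__":
    result = scan_carrier(SAMPLE_CARRIER)
    print(f"md5={result['md5']} ioc={result['known_ioc']} "
          f"swfs={result['embedded_swf_count']} suspicious={result['suspicious']}")
    for swf in result["swfs"]:
        print(f"  offset={swf['offset']:#x} compressed={swf['compressed']} "
              f"version={swf['version']} declared_len={swf['declared_len']}")
    print("IOC lookup:", lookup_ioc("4BB64C1DA2F73DA11F331A96D55D63E2"))
```

The hash lookup only catches these exact two samples; the SWF carving is the part that generalizes, since any legitimate XLS that turns up an FWS/CWS header deserves a closer look regardless of its hash.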

