Tuesday, March 15, 2011

CVE-2011-0609 - Adobe Flash Player ZeroDay

Found some additional information related to the Adobe Flash zero-day exploit and the dropped malware.

Bugix Security has a good breakdown of the exploit: it uses two SWF files embedded in an XLS.
http://bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html

Filename: crsenvironscan.xls
Size: 126,444 bytes
MD5 Hash: 4BB64C1DA2F73DA11F331A96D55D63E2
The first SWF provides a heap spray and sets up memory; the second SWF is then loaded and appears to trigger the bug (possibly a vulnerability in the Flash Player parser).
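
For triage of similar documents, the following added example (not code from this post or from Bugix Security) scans a container file such as an XLS for embedded SWF streams by checking the "FWS"/"CWS" signature, version byte and declared length. The function names, the MAX_VERSION cut-off and the sample container are assumptions constructed for illustration.

```python
import hashlib
import struct
import zlib

MAX_VERSION = 10  # assumption: Flash Player 10.x was current in March 2011

def check_header(data, pos):
    """Validate a candidate SWF header at pos; return a finding dict or None."""
    if pos + 8 > len(data):
        return None
    magic, version = data[pos:pos + 3], data[pos + 3]
    (length,) = struct.unpack_from("<I", data, pos + 4)  # declared uncompressed size
    if not 1 <= version <= MAX_VERSION or length <= 8:
        return None  # "FWS"/"CWS" appearing by chance in other data
    if magic == b"CWS":  # body after the 8-byte header is zlib-compressed
        try:
            body = zlib.decompressobj().decompress(data[pos + 8:], length - 8)
        except zlib.error:
            return None
    else:
        body = data[pos + 8:pos + length]
    if len(body) != length - 8:
        return None  # truncated stream or bogus length field
    return {"offset": pos, "compressed": magic == b"CWS", "version": version,
            "length": length, "body_sha256": hashlib.sha256(body).hexdigest()}

def find_embedded_swf(data):
    """Return findings for every plausible SWF stream inside a container file."""
    hits = []
    for magic in (b"FWS", b"CWS"):
        pos = data.find(magic)
        while pos != -1:
            hit = check_header(data, pos)
            if hit:
                hits.append(hit)
            pos = data.find(magic, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])

def constructed_sample():
    """Constructed test container: OLE2 magic, two tiny fake SWFs, one decoy string."""
    fws = b"FWS" + bytes([10]) + struct.pack("<I", 28) + b"\x00" * 20
    cws = b"CWS" + bytes([9]) + struct.pack("<I", 48) + zlib.compress(b"A" * 40)
    ole = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56
    return ole + fws + b"\x00" * 16 + cws + b"\x00" * 8 + b"FWS is just text"

if __name__ == "__main__":
    for hit in find_embedded_swf(constructed_sample()):
        print(hit)
```

A raw byte scan only finds SWF data stored contiguously in the file; streams fragmented across OLE sectors need a proper OLE parser before scanning.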

The dropped EXE is encrypted.

Filename: a.exe
Size: 46,048 bytes
MD5 Hash: 1e09970c9bf2ca08ee48f8b2e24f6c44
According to VT, the dropped malware has zero AV detections as of 3/15/11 14:46 GMT:
http://www.virustotal.com/file-scan/report.html?id=62db3743cc62c66a4b8806d8fe23966472b9841b7d91e9025f474990bd88cc89-1300200408
