Check Website
Inclusion Status
It is currently Sat Sep 21, 2019 5:08 am

All times are UTC




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: CVE-2009-3459, CVE-2009-4324, and one PDF trick
PostPosted: Sat Dec 19, 2009 10:28 pm 
Offline
Site Admin

Joined: Thu May 28, 2009 10:25 am
Posts: 6018
CVE-2009-3459, CVE-2009-4324, and one PDF trick

Quote:
PDF exploits—mostly targeting Adobe Reader and Acrobat programs—are very commonly used on drive-by web sites. This situation is probably the result of the widespread use of the Adobe plugin, a rather large of number of vulnerabilities found in it, and reliable exploitation techniques.

Two recent vulnerabilities for which I have added detection in Wepawet are CVE-2009-3459 and CVE-2009-4324 (click on the links to see analysis reports of two malicious samples). The former is an integer overflow in the PDF parser, the latter is a bug in the JavaScript interpreter.

The analysis of malicious PDF files is often complicated by the use of various obfuscation (or better, “confusion”) techniques. In particular, malicious PDF files are often malformed: expected sections are missing entirely, others are truncated. The attacks are still successful because Adobe Reader does a good job at automatically repairing the damaged file. Of course, analysis tools are not necessarily as good at that.


Read more
http://www.cs.ucsb.edu/~marco/blog/2009 ... trick.html

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



IP:
top
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
hpHosts and hpHosts Online are copyright © Malwarebytes Corp - All Rights Reserved

Powered by phpBB © 2000-2009 phpBB Group