Friday, October 29, 2010

Firefox Exploit (CVE-2010-3765)

The bug is patched in Firefox 3.6.12.
Update your browser!


Firefox exploit from the wild.

It works on Windows XP with Firefox versions 3.6.8 - 3.6.11.

Source code of the exploit

VirusTotal scan results

Thursday, October 28, 2010

New Adobe 0day (bug in Flash Player), CVE-2010-3654

New bug: successful exploitation of the latest Adobe Reader 9.4.0.195 and Flash Player 10.1.85.3.

Remotely exploitable.

Adobe confirms the exploit: http://www.adobe.com/support/security/advisories/apsa10-05.html


The bug exists in authplay.dll.

The vulnerability is already being actively exploited in the wild against Adobe Reader.
Look at Mila's blog:

http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html

The exploit from the wild works successfully under Adobe Reader 9.4.0 on Windows XP.
PDF size: 241,679 bytes.

SWF file size: 22,946 bytes.


The decompiled SWF looks like this: it is curvedPolygon, possibly related to
http://www.flashandmath.com/basic/drawpathCS4/example3.html

The exploit uses a JavaScript heap spray.

Source code of the heap spray:
http://pastebin.com/kKBaQnuU
The NOP slide is 0x58585858.
The exploit fills memory as shown in the image.



The exploit uses a ROP technique to allocate memory and copy the shellcode.
http://pastebin.com/ax3mdmNh

The shellcode drops its files into the %temp% directory:
~.exe, ~temp.bat, and a PDF with the same name as the opened PDF.

The dropped files are located here:
http://www.mediafire.com/?asf501lfmtv3s0e
The password is "infected".
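
A defender-side check for the drop pattern described above, as an added example that is not part of the original post: it scans file events for ~.exe, ~temp.bat and a same-name PDF written to %TEMP%. The (action, path) event format, the function names and the sample paths are constructed assumptions, not output of any real logging tool.

```python
import ntpath  # Windows path rules on any OS

# File names the post reports the shellcode dropping into %TEMP%.
DROPPED_NAMES = {"~.exe", "~temp.bat"}

def in_temp_dir(path):
    """True if the file sits directly in a directory named Temp. This covers
    both the long and the 8.3 short form of the XP per-user %TEMP% path."""
    parent = ntpath.dirname(ntpath.normcase(path))
    return ntpath.basename(parent) == "temp"

def match_drop_pattern(events):
    """Return sorted indicator labels found in (action, path) file events.

    'open' events record the PDF the reader loaded; 'create' events are files
    written afterwards. A PDF counts only if its name equals an opened PDF's
    name and it was written to %TEMP% from a different location."""
    opened = {}  # lowercased PDF file name -> normalized path it was opened from
    hits = set()
    for action, path in events:
        norm = ntpath.normcase(path)
        name = ntpath.basename(norm)
        if action == "open" and name.endswith(".pdf"):
            opened[name] = norm
        elif action == "create" and in_temp_dir(path):
            if name in DROPPED_NAMES:
                hits.add(name)
            elif name in opened and opened[name] != norm:
                hits.add("same-name pdf")
    return sorted(hits)

# Constructed sample events (hypothetical user and document names).
SAMPLE_EVENTS = [
    ("open", r"C:\Documents and Settings\user\Desktop\report.pdf"),
    ("create", r"C:\DOCUME~1\user\LOCALS~1\Temp\~.exe"),
    ("create", r"C:\DOCUME~1\user\LOCALS~1\Temp\~temp.bat"),
    ("create", r"C:\DOCUME~1\user\LOCALS~1\Temp\Report.pdf"),
    ("create", r"C:\DOCUME~1\user\LOCALS~1\Temp\acr1a.tmp"),  # unrelated temp file
]

if __name__ == "__main__":
    found = match_drop_pattern(SAMPLE_EVENTS)
    print("indicators:", found)
    if len(found) == 3:
        print("all three dropped-file indicators present")
```

A single indicator on its own is weak, since other software also writes to %TEMP%; all three together match the behaviour described in this post.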

To be continued ...