1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CVE-2009-0927, P.O.C.?

Discussion in 'Windows XP' started by Catter, Apr 9, 2010.

  1. Catter

    Catter Flightless Bird

    I just accidentally run pdf file CVE-2009-0927.pdf, from CVE-2009-0927 pack,
    when antivirus was disabled.
    Although this pack marked as exploit and technical report note, I'm not
    sure, can it contain link to real malware or virus when exploit executed?
    pdf size is124KB

    http://www.coromputer.net/CVE-2009-0927_package.zip
     
  2. Tom Willett

    Tom Willett Flightless Bird

    You think anyone would be foolish enough to click on the link you posted?

    "Catter" <catter@nospam.microsoft.news> wrote in message
    news:-OOlyZE91KHA.5972@TK2MSFTNGP06.phx.gbl...
    :I just accidentally run pdf file CVE-2009-0927.pdf, from CVE-2009-0927
    pack,
    : when antivirus was disabled.
    : Although this pack marked as exploit and technical report note, I'm not
    : sure, can it contain link to real malware or virus when exploit executed?
    : pdf size is124KB
    :
    :
     
  3. Catter

    Catter Flightless Bird

    "Tom Willett" <tom@youreadaisyifyoudo.com> wrote in message
    news:elK9PK%231KHA.3868@TK2MSFTNGP06.phx.gbl...
    > You think anyone would be foolish enough to click on the link you posted?
    >
    > "Catter" <catter@nospam.microsoft.news> wrote in message
    > news:-OOlyZE91KHA.5972@TK2MSFTNGP06.phx.gbl...
    > :I just accidentally run pdf file CVE-2009-0927.pdf, from CVE-2009-0927
    > pack,
    > : when antivirus was disabled.
    > : Although this pack marked as exploit and technical report note, I'm not
    > : sure, can it contain link to real malware or virus when exploit
    > executed?
    > : pdf size is124KB
    > :
    > :
    >

    ---------------
    if you afraid click on link, how do you use Internet at all?
     
  4. Tom Willett

    Tom Willett Flightless Bird

    : ---------------
    : if you afraid click on link, how do you use Internet at all?

    You really don't get it, do you? No wonder you get malware.
    :
     
  5. Michael

    Michael Flightless Bird

    "Catter" <catter@nospam.microsoft.news> wrote in message
    news:eXn4Am#1KHA.3652@TK2MSFTNGP04.phx.gbl...
    >
    > "Tom Willett" <tom@youreadaisyifyoudo.com> wrote in message
    > news:elK9PK%231KHA.3868@TK2MSFTNGP06.phx.gbl...
    >> You think anyone would be foolish enough to click on the link you posted?
    >>
    >> "Catter" <catter@nospam.microsoft.news> wrote in message
    >> news:-OOlyZE91KHA.5972@TK2MSFTNGP06.phx.gbl...
    >> :I just accidentally run pdf file CVE-2009-0927.pdf, from CVE-2009-0927
    >> pack,
    >> : when antivirus was disabled.
    >> : Although this pack marked as exploit and technical report note, I'm not
    >> : sure, can it contain link to real malware or virus when exploit
    >> executed?
    >> : pdf size is124KB
    >> :
    >> :
    >>

    > ---------------
    > if you afraid click on link, how do you use Internet at all?


    You posted a link to a file that may be a virus. You do the math, moron!
    --


    "Don't pick a fight with an old man.
    If he is too old to fight, he'll just kill you."
     
  6. Elmo

    Elmo Flightless Bird

    Michael wrote:
    > "Catter" <catter@nospam.microsoft.news> wrote in message
    > news:eXn4Am#1KHA.3652@TK2MSFTNGP04.phx.gbl...
    >>
    >> "Tom Willett" <tom@youreadaisyifyoudo.com> wrote in message
    >> news:elK9PK%231KHA.3868@TK2MSFTNGP06.phx.gbl...
    >>> You think anyone would be foolish enough to click on the link you
    >>> posted?
    >>>
    >>> "Catter" <catter@nospam.microsoft.news> wrote in message
    >>> news:-OOlyZE91KHA.5972@TK2MSFTNGP06.phx.gbl...
    >>> :I just accidentally run pdf file CVE-2009-0927.pdf, from CVE-2009-0927
    >>> pack,
    >>> : when antivirus was disabled.
    >>> : Although this pack marked as exploit and technical report note, I'm
    >>> not
    >>> : sure, can it contain link to real malware or virus when exploit
    >>> executed?
    >>> : pdf size is124KB
    >>> :
    >>> :
    >>>

    >> ---------------
    >> if you afraid click on link, how do you use Internet at all?

    >
    > You posted a link to a file that may be a virus. You do the math, moron!


    No, he posted a link to a file that _contained_ a virus (or some type of
    malware). Or at least that's how Avast! saw it. Since it was a .zip
    file, I thought I'd click it, and just not unzip the file.. Avast!
    caught it before the "page" loaded.

    --
    Joe =o)
     
  7. Michael

    Michael Flightless Bird

    "Elmo" <elmogeek@xxx.invalid> wrote in message
    news:#4GvMV$1KHA.348@TK2MSFTNGP02.phx.gbl...
    > Michael wrote:
    >> "Catter" <catter@nospam.microsoft.news> wrote in message
    >> news:eXn4Am#1KHA.3652@TK2MSFTNGP04.phx.gbl...
    >>>
    >>> "Tom Willett" <tom@youreadaisyifyoudo.com> wrote in message
    >>> news:elK9PK%231KHA.3868@TK2MSFTNGP06.phx.gbl...
    >>>> You think anyone would be foolish enough to click on the link you
    >>>> posted?
    >>>>
    >>>> "Catter" <catter@nospam.microsoft.news> wrote in message
    >>>> news:-OOlyZE91KHA.5972@TK2MSFTNGP06.phx.gbl...
    >>>> :I just accidentally run pdf file CVE-2009-0927.pdf, from CVE-2009-0927
    >>>> pack,
    >>>> : when antivirus was disabled.
    >>>> : Although this pack marked as exploit and technical report note, I'm
    >>>> not
    >>>> : sure, can it contain link to real malware or virus when exploit
    >>>> executed?
    >>>> : pdf size is124KB
    >>>> :
    >>>> :
    >>>>
    >>> ---------------
    >>> if you afraid click on link, how do you use Internet at all?

    >>
    >> You posted a link to a file that may be a virus. You do the math, moron!

    >
    > No, he posted a link to a file that _contained_ a virus (or some type of
    > malware). Or at least that's how Avast! saw it. Since it was a .zip
    > file, I thought I'd click it, and just not unzip the file.. Avast!
    > caught it before the "page" loaded.
    >
    > --
    > Joe =o)


    ....and your point is?
    --


    "Don't pick a fight with an old man.
    If he is too old to fight, he'll just kill you."
     
  8. T Shadow

    T Shadow Flightless Bird

    "Elmo" <elmogeek@xxx.invalid> wrote in message
    news:%234GvMV$1KHA.348@TK2MSFTNGP02.phx.gbl...
    > Michael wrote:
    >> "Catter" <catter@nospam.microsoft.news> wrote in message
    >> news:eXn4Am#1KHA.3652@TK2MSFTNGP04.phx.gbl...
    >>>
    >>> "Tom Willett" <tom@youreadaisyifyoudo.com> wrote in message
    >>> news:elK9PK%231KHA.3868@TK2MSFTNGP06.phx.gbl...
    >>>> You think anyone would be foolish enough to click on the link you
    >>>> posted?
    >>>>
    >>>> "Catter" <catter@nospam.microsoft.news> wrote in message
    >>>> news:-OOlyZE91KHA.5972@TK2MSFTNGP06.phx.gbl...
    >>>> :I just accidentally run pdf file CVE-2009-0927.pdf, from CVE-2009-0927
    >>>> pack,
    >>>> : when antivirus was disabled.
    >>>> : Although this pack marked as exploit and technical report note, I'm
    >>>> not
    >>>> : sure, can it contain link to real malware or virus when exploit
    >>>> executed?
    >>>> : pdf size is124KB
    >>>> :
    >>>> :
    >>>>
    >>> ---------------
    >>> if you afraid click on link, how do you use Internet at all?

    >>
    >> You posted a link to a file that may be a virus. You do the math, moron!

    >
    > No, he posted a link to a file that _contained_ a virus (or some type of
    > malware). Or at least that's how Avast! saw it. Since it was a .zip
    > file, I thought I'd click it, and just not unzip the file.. Avast!
    > caught it before the "page" loaded.
    >
    > --
    > Joe =o)



    "In all the excitement I can't remember, did I shoot five, or six? You've
    got one question to ask yourself, do you feel lucky, punk? Well, ...
     
  9. Elmo

    Elmo Flightless Bird

    T Shadow wrote:
    > "Elmo" <elmogeek@xxx.invalid> wrote in message
    > news:%234GvMV$1KHA.348@TK2MSFTNGP02.phx.gbl...
    >> Michael wrote:
    >>> "Catter" <catter@nospam.microsoft.news> wrote in message
    >>> news:eXn4Am#1KHA.3652@TK2MSFTNGP04.phx.gbl...
    >>>> "Tom Willett" <tom@youreadaisyifyoudo.com> wrote in message
    >>>> news:elK9PK%231KHA.3868@TK2MSFTNGP06.phx.gbl...
    >>>>> You think anyone would be foolish enough to click on the link you
    >>>>> posted?
    >>>>>
    >>>>> "Catter" <catter@nospam.microsoft.news> wrote in message
    >>>>> news:-OOlyZE91KHA.5972@TK2MSFTNGP06.phx.gbl...
    >>>>> :I just accidentally run pdf file CVE-2009-0927.pdf, from CVE-2009-0927
    >>>>> pack,
    >>>>> : when antivirus was disabled.
    >>>>> : Although this pack marked as exploit and technical report note, I'm
    >>>>> not
    >>>>> : sure, can it contain link to real malware or virus when exploit
    >>>>> executed?
    >>>>> : pdf size is124KB
    >>>>> :
    >>>>> :
    >>>>>
    >>>> ---------------
    >>>> if you afraid click on link, how do you use Internet at all?
    >>> You posted a link to a file that may be a virus. You do the math, moron!

    >> No, he posted a link to a file that _contained_ a virus (or some type of
    >> malware). Or at least that's how Avast! saw it. Since it was a .zip
    >> file, I thought I'd click it, and just not unzip the file.. Avast!
    >> caught it before the "page" loaded.
    >>
    >> --
    >> Joe =o)

    >
    >
    > "In all the excitement I can't remember, did I shoot five, or six? You've
    > got one question to ask yourself, do you feel lucky, punk? Well, ...


    Agreed, that was pretty risky.. I won't do that again. I noticed that
    after I clicked the link, my download folder had an empty .zip file PLUS
    an external file. I just didn't see how a .zip file could be dangerous
    unless files were actually extracted and executed, but I seem to
    remember reading in a Trend Micro newsletter about a couple of new
    exploits, and I suspect this was one of them.

    --
    Joe =o)
     

Share This Page