CVE-2009-0927, P.O.C.?

Catter

Flightless Bird
I just accidentally ran the PDF file CVE-2009-0927.pdf, from the CVE-2009-0927 pack,
when antivirus was disabled.
Although this pack is marked as an exploit and technical report note, I'm not
sure: can it contain a link to real malware or a virus when the exploit is executed?
PDF size is 124KB.

http://www.coromputer.net/CVE-2009-0927_package.zip
 
Tom Willett

Flightless Bird
You think anyone would be foolish enough to click on the link you posted?

"Catter" <catter@nospam.microsoft.news> wrote in message
news:-OOlyZE91KHA.5972@TK2MSFTNGP06.phx.gbl...
: I just accidentally ran the PDF file CVE-2009-0927.pdf, from the CVE-2009-0927 pack,
: when antivirus was disabled.
: Although this pack is marked as an exploit and technical report note, I'm not
: sure: can it contain a link to real malware or a virus when the exploit is executed?
: PDF size is 124KB.
 
Catter

Flightless Bird
"Tom Willett" <tom@youreadaisyifyoudo.com> wrote in message
news:elK9PK%231KHA.3868@TK2MSFTNGP06.phx.gbl...
> You think anyone would be foolish enough to click on the link you posted?

---------------
If you are afraid to click on a link, how do you use the Internet at all?
 
Tom Willett

Flightless Bird
: ---------------
: If you are afraid to click on a link, how do you use the Internet at all?

You really don't get it, do you? No wonder you get malware.
 
Michael

Flightless Bird
"Catter" <catter@nospam.microsoft.news> wrote in message
news:eXn4Am#1KHA.3652@TK2MSFTNGP04.phx.gbl...

> ---------------
> If you are afraid to click on a link, how do you use the Internet at all?


You posted a link to a file that may be a virus. You do the math, moron!
--


"Don't pick a fight with an old man.
If he is too old to fight, he'll just kill you."
 
Elmo

Flightless Bird
Michael wrote:

>> ---------------
>> If you are afraid to click on a link, how do you use the Internet at all?

>
> You posted a link to a file that may be a virus. You do the math, moron!


No, he posted a link to a file that _contained_ a virus (or some type of
malware). Or at least that's how Avast! saw it. Since it was a .zip
file, I thought I'd click it, and just not unzip the file. Avast!
caught it before the "page" loaded.

--
Joe =o)
 
Michael

Flightless Bird
"Elmo" <elmogeek@xxx.invalid> wrote in message
news:#4GvMV$1KHA.348@TK2MSFTNGP02.phx.gbl...
> No, he posted a link to a file that _contained_ a virus (or some type of
> malware). Or at least that's how Avast! saw it. Since it was a .zip
> file, I thought I'd click it, and just not unzip the file.. Avast!
> caught it before the "page" loaded.
>
> --
> Joe =o)


....and your point is?
--


"Don't pick a fight with an old man.
If he is too old to fight, he'll just kill you."
 
T Shadow

Flightless Bird
"Elmo" <elmogeek@xxx.invalid> wrote in message
news:%234GvMV$1KHA.348@TK2MSFTNGP02.phx.gbl...
> No, he posted a link to a file that _contained_ a virus (or some type of
> malware). Or at least that's how Avast! saw it. Since it was a .zip
> file, I thought I'd click it, and just not unzip the file.. Avast!
> caught it before the "page" loaded.
>
> --
> Joe =o)



"In all the excitement I can't remember, did I shoot five, or six? You've
got one question to ask yourself, do you feel lucky, punk? Well, ...
 
Elmo

Flightless Bird
T Shadow wrote:
> "In all the excitement I can't remember, did I shoot five, or six? You've
> got one question to ask yourself, do you feel lucky, punk? Well, ...


Agreed, that was pretty risky. I won't do that again. I noticed that
after I clicked the link, my download folder had an empty .zip file PLUS
an external file. I just didn't see how a .zip file could be dangerous
unless files were actually extracted and executed, but I seem to
remember reading in a Trend Micro newsletter about a couple of new
exploits, and I suspect this was one of them.

--
Joe =o)
 