PDF Exploits

显示全部楼层 · 发表于 2009-3-29 16:13:37

发现一些漏洞PDF版本不一样有PDF1.3的（那个stream压缩的话是zlib的x开头的那种）还有PDF1.4 PDF1.5的，他们压缩的是H开头的谁知道这几个版本的PDF文件有什么区别的

比如 readmes.pdf 是1.3的 pdf.pdf 是1.4的 us.pdf是1.5的这几个压缩的数据流状态不太一样

显示全部楼层 · 发表于 2009-3-29 16:14:23

来了

显示全部楼层 · 发表于 2009-3-29 16:15:17

Miss3个

显示全部楼层 · 发表于 2009-3-29 16:15:37

卡巴杀9漏3

已删除：木马程序 Exploit.Win32.Pidief.ang 文件　: D:\软件\其它\v\k\new\新建文件夹\PDF_Exploits.rar/readme.pdf
已删除：木马程序 Exploit.Win32.Pidief.ane 文件　: D:\软件\其它\v\k\new\新建文件夹\PDF_Exploits.rar/24.pdf
已删除：木马程序 Exploit.Win32.Pidief.and 文件　: D:\软件\其它\v\k\new\新建文件夹\PDF_Exploits.rar/33.pdf
已删除：木马程序 Exploit.Win32.Pidief.anc 文件　: D:\软件\其它\v\k\new\新建文件夹\PDF_Exploits.rar/pdfs.pdf
已删除：木马程序 Exploit.Win32.Pidief.anc 文件　: D:\软件\其它\v\k\new\新建文件夹\PDF_Exploits.rar/pdfss.pdf
已删除：木马程序 Exploit.Win32.Pidief.anh 文件　: D:\软件\其它\v\k\new\新建文件夹\PDF_Exploits.rar/readme1.pdf
已删除：木马程序 Exploit.Win32.Pidief.ani 文件　: D:\软件\其它\v\k\new\新建文件夹\PDF_Exploits.rar/readmes.pdf
已删除：木马程序 Exploit.Win32.Pidief.anf 文件　: D:\软件\其它\v\k\new\新建文件夹\PDF_Exploits.rar/readmesss.pdf
已删除：木马程序 Exploit.Win32.Pidief.gx 文件　: D:\软件\其它\v\k\new\新建文件夹\PDF_Exploits.rar/us.pdf

TO KL

显示全部楼层 · 发表于 2009-3-29 16:17:02

Starting the file scan:

Begin scan in 'D:\new\24.pdf'
D:\new\24.pdf
  [0] Archive type: PDF Stream
--> Object
   [DETECTION] Contains recognition pattern of the EXP/Pidief.ged.1 exploit
[NOTE]    A backup was created as '49fd2ef7.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
Begin scan in 'D:\new\33.pdf'
D:\new\33.pdf
  [0] Archive type: PDF Stream
--> Object
   [DETECTION] Contains recognition pattern of the EXP/Pidief.ged.1 exploit
[NOTE]    A backup was created as '49fd2ef6.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
Begin scan in 'D:\new\8z.pdf'
D:\new\8z.pdf
  [0] Archive type: PDF Stream
--> Object
   [DETECTION] Contains recognition pattern of the EXP/Pidief.QR.2 exploit
[NOTE]    A backup was created as '49fd2f3d.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
Begin scan in 'D:\new\pdf.pdf'
D:\new\pdf.pdf
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE]    A backup was created as '4a352f27.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
Begin scan in 'D:\new\pdfs.pdf'
D:\new\pdfs.pdf
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE]    A backup was created as '4b46c0d0.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
Begin scan in 'D:\new\pdfss.pdf'
D:\new\pdfss.pdf
[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
[NOTE]    A backup was created as '4a352f29.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!
Begin scan in 'D:\new\readme.pdf'
Begin scan in 'D:\new\readme1.pdf'
Begin scan in 'D:\new\readmes.pdf'
Begin scan in 'D:\new\readmess.pdf'
Begin scan in 'D:\new\readmesss.pdf'
Begin scan in 'D:\new\us.pdf'
D:\new\us.pdf
[DETECTION] Contains recognition pattern of the HTML/Shellcode.Gen HTML script virus
[NOTE]    A backup was created as '49fd2f36.qua'  ( QUARANTINE )
[NOTE]    The file was deleted!

End of the scan: 2009年3月29日  16:18
Used time: 00:00 Minute(s)

The scan has been done completely.

   0 Scanned directories
   12 Files were scanned
   7 Viruses and/or unwanted programs were found
   0 Files were classified as suspicious
   7 files were deleted
   0 Viruses and unwanted programs were repaired
   7 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   5 Files not concerned
   0 Archives were scanned
   0 Warnings
   7 Notes

显示全部楼层 · 发表于 2009-3-29 18:25:27

MISS TO DW
8z.pdf\data001 - infected with Exploit.PDF.119
pdf.pdf\data001 - infected with Exploit.PDF.2
pdf.pdf\data001 - infected with Exploit.PDF.2
\pdfss.pdf\data001 - infected with Exploit.PDF.2

显示全部楼层 · 发表于 2009-3-29 18:29:12

卡巴 The requested URL http://bbs.kafan.cn/attachment.p ... 2a&t=1238322518 is infected with Exploit.Win32.Pidief.ang virus

显示全部楼层 · 发表于 2009-3-29 18:34:10

卡巴斯基杀毒报告

扫描文件数：14

查杀（病毒、木马）数：1

详细杀毒报告列表：

2009-3-29 18:33:57 已删除: Exploit.Win32.Pidief.gx C:\Documents and Settings\Try\桌面\PDF Exploits.rar/us.pdf

显示全部楼层 · 发表于 2009-3-29 21:37:34

McAfee miss

显示全部楼层 · 发表于 2009-3-30 09:12:15

All to VB

[病毒样本] PDF Exploits

本帖子中包含更多资源