Thursday, November 25, 2010

cve-2010-4091 exploited ? – 0.1

Trying to reversing the shell code contained within the PDF that seem exploit CVE-2010-4091, in according with the sample reported by MalwareTracker, it’s been founded the following URL:

http://212.117.168.89/ad/fi_16.php

image

From Robtex:

image

The URL above at this time is down or not more available. Did really exploited for retrieve malware from womens-puzzle.com ? :) .  Many Thanks to binjo for his support and tools.  For the PDF check my previous post: http://extraexploit.blogspot.com/2010/11/cve-2010-4091-exploited.html 

All this things continues to be weird and funny! (WOMENS-PUZZLE.COM :-) ).  IMPORTANT: The PDF reported is not sure that exploit, really, the CVE-2010-4091

No comments:

Post a Comment