10 - TA13-141A

Executive Summary

Informations
Name	TA13-141A	First vendor Publication	2013-05-20
Vendor	US-CERT	Last vendor Modification	2013-05-22
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Overview

On May 16, 2013, US-CERT was notified that both www.federalnewsradio[.]com and www.wtop[.]com had been compromised to redirect Internet Explorer users to an exploit kit. As of May 17, 2013, US-CERT analysis confirms that no malicious code remains on either site.

Description

The compromised websites were modified to contain a hidden iframe referencing a JavaScript file on a dynamic-DNS host. The file returned from this site was identified as the Fiesta exploit kit. The kit uses one of several known vulnerabilities to attempt to download an executable:

CVE-2009-0927: Stack-based buffer overflow in Adobe Reader and Adobe Acrobat

CVE-2010-0188: Unspecified vulnerability in Adobe Reader and Acrobat

CVE-2013-0422 : Multiple vulnerabilities in Oracle Java 7 before Update 11

Any systems visiting running vulnerable versions of Adobe Reader or Acrobat or Oracle Java may have been compromised.

Impact

The exploit kit, once successful, delivers and executes a known variant of the ZeroAccess Trojan. Additionally, according to open source reporting, the malware also downloads and installs a variant of FakeAV/Kazy malware.

The ZeroAccess Trojan attempts to beacon to one of two hardcoded command-and-control addresses, 194[.]165[.]17[.]3 and 209[.]68[.]32[.]176. The beaconing occurs using an HTTP GET using the Opera/10 user-agent string.

After beaconing, the malware then downloads a custom Microsoft Cabinet file and the malware uses port 16464/udp to connect to the peer-to-peer network. This cabinet file contains several lists of IP addresses, as well as a fake flash installer.

Solution

Apply Updates

Updated software that addresses the vulnerabilities referenced in this incident has been available for years. It is imperative to apply current security updates to software that is commonly targeted by attackers.

Adobe provided updates for the Adobe Reader and Acrobat vulnerabilities (CVE-2009-0927 and CVE-2010-0188) in Adobe Security Bulletins APSB09-04 and APSB10-07 respectively.

Oracle released Oracle Security Alert for CVE-2013-0422 to address the Java vulnerability.

In order to defend against additional vulnerabilities, install the most recent versions of Adobe Reader, Acrobat, and Oracle Java. At the time of publication, Adobe Security Bulletin APSB13-15 documents current security updates for Adobe Reader and Acrobat, and Oracle Java SE Critical Patch Update Advisory - April 2013 documents vulnerabilities addressed by Java 7 Update 21.

Identify Compromised Systems

Monitor activity to the following IP addresses as a potential indicator of compromise where permitted and practical:

209[.]68[.]32[.]176

194[.]165[.]17[.]3

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA13-141A.html

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-264	Permissions, Privileges, and Access Controls
33 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
33 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18151

Oval ID:	oval:org.mitre.oval:def:18151
Title:	USN-1693-1 -- openjdk-7 vulnerabilities
Description:	OpenJDK 7 could be made to crash or run programs as your login if it opened a specially crafted Java applet.
Family:	unix	Class:	patch
Reference(s):	USN-1693-1 CVE-2012-3174 CVE-2013-0422	Version:	7
Platform(s):	Ubuntu 12.10	Product(s):	openjdk-7
Definition Synopsis:
Ubuntu 12.10 is installed Packages match section icedtea-7-jre-cacao DPKG is earlier than 7u9-2.3.4-0ubuntu1.12.10.1 AND icedtea-7-jre-jamvm DPKG is earlier than 7u9-2.3.4-0ubuntu1.12.10.1 AND openjdk-7-jre DPKG is earlier than 7u9-2.3.4-0ubuntu1.12.10.1 AND openjdk-7-jre-headless DPKG is earlier than 7u9-2.3.4-0ubuntu1.12.10.1 AND openjdk-7-jre-lib DPKG is earlier than 7u9-2.3.4-0ubuntu1.12.10.1 AND openjdk-7-jre-zero DPKG is earlier than 7u9-2.3.4-0ubuntu1.12.10.1

Definition Id: oval:org.mitre.oval:def:20562

Oval ID:	oval:org.mitre.oval:def:20562
Title:	RHSA-2013:0156: java-1.7.0-oracle security update (Critical)
Description:	Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0156-01 CVE-2012-3174 CVE-2013-0422	Version:	31
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	java-1.7.0-oracle
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.7.0-oracle is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.11-1jpp.3.el6_3

Definition Id: oval:org.mitre.oval:def:20822

Oval ID:	oval:org.mitre.oval:def:20822
Title:	RHSA-2013:0165: java-1.7.0-openjdk security update (Important)
Description:	Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family:	unix	Class:	patch
Reference(s):	RHSA-2013:0165-01 CESA-2013:0165 CVE-2012-3174 CVE-2013-0422	Version:	31
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND CentOS Linux 6.x Packages section java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x Packages section java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.4.el5_9.1

Definition Id: oval:org.mitre.oval:def:22083

Oval ID:	oval:org.mitre.oval:def:22083
Title:	ELSA-2010:0114: acroread security and bug fix update (Critical)
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0114-01 CVE-2010-0186 CVE-2010-0188	Version:	13
Platform(s):	Oracle Linux 5	Product(s):	acroread
Definition Synopsis:
Oracle Linux 5.x rpm test acroread-plugin is earlier than 0:9.3.1-1.el5 AND acroread is earlier than 0:9.3.1-1.el5

Definition Id: oval:org.mitre.oval:def:22136

Oval ID:	oval:org.mitre.oval:def:22136
Title:	RHSA-2010:0114: acroread security and bug fix update (Critical)
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0114-01 CVE-2010-0186 CVE-2010-0188	Version:	29
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	acroread
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section acroread-plugin is earlier than 0:9.3.1-1.el5 AND acroread is earlier than 0:9.3.1-1.el5

Definition Id: oval:org.mitre.oval:def:22747

Oval ID:	oval:org.mitre.oval:def:22747
Title:	ELSA-2008:0974: acroread security update (Critical)
Description:	Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0974-01 CVE-2008-2549 CVE-2008-2992 CVE-2008-4812 CVE-2008-4813 CVE-2008-4814 CVE-2008-4815 CVE-2008-4817 CVE-2009-0927	Version:	37
Platform(s):	Oracle Linux 5	Product(s):	acroread
Definition Synopsis:
Oracle Linux 5.x rpm test acroread-plugin is earlier than 0:8.1.3-1.el5 AND acroread is earlier than 0:8.1.3-1.el5

Definition Id: oval:org.mitre.oval:def:23455

Oval ID:	oval:org.mitre.oval:def:23455
Title:	DEPRECATED: ELSA-2013:0165: java-1.7.0-openjdk security update (Important)
Description:	Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0165-01 CVE-2012-3174 CVE-2013-0422	Version:	14
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.4.1.el6_3 OR rpm test Oracle Linux 5.x AND rpm test java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.4.el5_9.1

Definition Id: oval:org.mitre.oval:def:23559

Oval ID:	oval:org.mitre.oval:def:23559
Title:	ELSA-2013:0165: java-1.7.0-openjdk security update (Important)
Description:	Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0165-01 CVE-2012-3174 CVE-2013-0422	Version:	13
Platform(s):	Oracle Linux 6 Oracle Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
rpm test Oracle Linux 6.x AND rpm test java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.4.1.el6_3 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.4.1.el6_3 OR rpm test Oracle Linux 5.x AND rpm test java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.4.el5_9.1 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.4.el5_9.1

Definition Id: oval:org.mitre.oval:def:23877

Oval ID:	oval:org.mitre.oval:def:23877
Title:	ELSA-2013:0156: java-1.7.0-oracle security update (Critical)
Description:	Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Family:	unix	Class:	patch
Reference(s):	ELSA-2013:0156-01 CVE-2012-3174 CVE-2013-0422	Version:	13
Platform(s):	Oracle Linux 6	Product(s):	java-1.7.0-oracle
Definition Synopsis:
Oracle Linux 6.x rpm test java-1.7.0-oracle is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-src is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.11-1jpp.3.el6_3 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.11-1jpp.3.el6_3

Definition Id: oval:org.mitre.oval:def:27449

Oval ID:	oval:org.mitre.oval:def:27449
Title:	DEPRECATED: ELSA-2013-0165 -- java-1.7.0-openjdk security update (important)
Description:	[1.7.0.9-2.3.4.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.4.1.el6] - Rewerted to IcedTea 2.3.4 - rewerted patch105: java-1.7.0-openjdk-disable-system-lcms.patch - removed jxmd and idlj to alternatives - make NOT executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - re-applied patch302 and restored systemtap.patch - buildver set to 9 - icedtea_version set to 2.3.4 - unapplied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - restored tmp-patches source tarball - removed /lib/security/US_export_policy.jar and lib/security/local_policy.jar - java-1.7.0-openjdk-java-access-bridge-security.patch's path moved from java.security-linux back to java.security - Resolves: rhbz#895033 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Resolves: rhbz#895033
Family:	unix	Class:	patch
Reference(s):	ELSA-2013-0165 CVE-2012-3174 CVE-2013-0422	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.9-2.3.4.0.1.el5_9.1 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.9-2.3.4.0.1.el5_9.1 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.9-2.3.4.0.1.el5_9.1 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.9-2.3.4.0.1.el5_9.1 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.9-2.3.4.0.1.el5_9.1 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.9-2.3.4.1.0.1.el6_3 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.9-2.3.4.1.0.1.el6_3 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.9-2.3.4.1.0.1.el6_3 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.9-2.3.4.1.0.1.el6_3 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.9-2.3.4.1.0.1.el6_3

Definition Id: oval:org.mitre.oval:def:8697

Oval ID:	oval:org.mitre.oval:def:8697
Title:	Adobe Reader and Acrobat Null Pointer Dereference Denial of Service Vulnerability
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-0188	Version:	16
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.2.1 AND Adobe Reader library is less than 8.2.1 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.3.1 AND Adobe Reader library is less than 9.3.1 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.2.1 AND Adobe Acrobat library is less than 8.2.1 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than 9.3.1 AND Adobe Acrobat library is less than 9.3.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Acrobat Reader cpe:2.3:a:adobe:acrobat_reader:9.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.0:::::::* cpe:2.3:a:adobe:acrobat_reader:9:::::::* cpe:2.3:a:adobe:acrobat_reader:8.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.6:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.4:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.7:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.2:security_update:::::: cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1::windows::::: cpe:2.3:a:adobe:acrobat_reader:8.0:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.4:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1.0:::::::* cpe:2.3:a:adobe:acrobat_reader:7.1:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.9:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.8:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.7:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.6:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.4:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.3:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.2:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0.1:::::::* cpe:2.3:a:adobe:acrobat_reader:7.0:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.6:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.4:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.4::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0.3:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.3::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0.2:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.2::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0.1:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0.1::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:6.0:::::::* cpe:2.3:a:adobe:acrobat_reader:6.0::reader_extensions::::: cpe:2.3:a:adobe:acrobat_reader:6.0::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.1:::::::* cpe:2.3:a:adobe:acrobat_reader:5.1::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.0.9:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.9::unix::::: cpe:2.3:a:adobe:acrobat_reader:5.0.7:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.6:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.5::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.0.11:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.10:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0.10::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:5.0:::::::* cpe:2.3:a:adobe:acrobat_reader:5.0::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.5:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5c:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5c::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.0.5a:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5a::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.0.5:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0.5::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:4.0:::::::* cpe:2.3:a:adobe:acrobat_reader:4.0::for_mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:3.02:::::::* cpe:2.3:a:adobe:acrobat_reader:3.01:::::::* cpe:2.3:a:adobe:acrobat_reader:3.0:::::::* cpe:2.3:a:adobe:acrobat_reader:3.0::mac_os_x::::: cpe:2.3:a:adobe:acrobat_reader:::::::: cpe:2.3:a:adobe:acrobat_reader:::::classic:::*	83
Application	Oracle Jdk cpe:2.3:a:oracle:jdk:1.7.0:update4:::::: cpe:2.3:a:oracle:jdk:1.7.0:-:::::: cpe:2.3:a:oracle:jdk:1.7.0:update1:::::: cpe:2.3:a:oracle:jdk:1.7.0:update2:::::: cpe:2.3:a:oracle:jdk:1.7.0:update3:::::: cpe:2.3:a:oracle:jdk:1.7.0:update5:::::: cpe:2.3:a:oracle:jdk:1.7.0:update7:::::: cpe:2.3:a:oracle:jdk:1.7.0:update6:::::: cpe:2.3:a:oracle:jdk:1.7.0:update9:::::: cpe:2.3:a:oracle:jdk:1.7.0:update10::::::	10
Application	Oracle Jre cpe:2.3:a:oracle:jre:1.7.0:update1:::::: cpe:2.3:a:oracle:jre:1.7.0:update2:::::: cpe:2.3:a:oracle:jre:1.7.0:-:::::: cpe:2.3:a:oracle:jre:1.7.0:update4:::::: cpe:2.3:a:oracle:jre:1.7.0:update3:::::: cpe:2.3:a:oracle:jre:1.7.0:update5:::::: cpe:2.3:a:oracle:jre:1.7.0:update7:::::: cpe:2.3:a:oracle:jre:1.7.0:update6:::::: cpe:2.3:a:oracle:jre:1.7.0:update10:::::: cpe:2.3:a:oracle:jre:1.7.0:update9::::::	10

SAINT Exploits

Description	Link
Adobe Acrobat JavaScript getIcon method buffer overflow	More info here
Adobe Reader Libtiff TIFFFetchShortPair Stack Buffer Overflow	More info here
Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape	More info here

ExploitDB Exploits

id	Description
2013-01-11	Java Applet JMX Remote Code Execution
2009-09-03	Adobe Acrobat/Reader < 7.1.1/8.1.3/9.1 Collab getIcon Universal Exploit

OpenVAS Exploits

Date	Description
2011-03-09	Name : Gentoo Security Advisory GLSA 201009-05 (acroread) File : nvt/glsa_201009_05.nasl
2010-02-26	Name : Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux) File : nvt/secpod_adobe_prdts_code_exec_vuln_feb10_lin.nasl
2010-02-26	Name : Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows) File : nvt/secpod_adobe_prdts_code_exec_vuln_feb10_win.nasl
2009-06-05	Name : Ubuntu USN-743-1 (gs-gpl) File : nvt/ubuntu_743_1.nasl
2009-06-05	Name : Ubuntu USN-744-1 (lcms) File : nvt/ubuntu_744_1.nasl
2009-04-28	Name : SuSE Security Summary SUSE-SR:2009:009 File : nvt/suse_sr_2009_009.nasl
2009-04-20	Name : Gentoo Security Advisory GLSA 200904-17 (acroread) File : nvt/glsa_200904_17.nasl
2009-03-31	Name : SuSE Security Advisory SUSE-SA:2009:014 (acroread) File : nvt/suse_sa_2009_014.nasl
2009-03-03	Name : Buffer Overflow Vulnerability in Adobe Reader (Linux) File : nvt/secpod_adobe_prdts_bof_vuln_lin.nasl
2009-03-03	Name : Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win) File : nvt/secpod_adobe_prdts_bof_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
62526	Adobe Reader / Acrobat LibTiff Overflow
53647	Adobe Acrobat getIcon() Function PDF Handling Overflow A buffer overflow exists in Acrobat and Reader. The getIcon() method fails to validate string arguments resulting in a stack overflow. With a specially crafted PDF file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2015-04-30	Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT
2015-04-30	Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT
2014-11-16	CottonCastle exploit kit Oracle java outbound connection RuleID : 31278 - Revision : 2 - Type : EXPLOIT-KIT
2014-11-16	CottonCastle exploit kit Oracle Java outbound connection RuleID : 31277 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit eot outbound connection RuleID : 29453 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit landing page request RuleID : 29452 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit outbound jar request RuleID : 29451 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit outbound connection attempt RuleID : 29450 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit landing page RuleID : 29449 - Revision : 3 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit landing page RuleID : 29448 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit jar outbound connection RuleID : 29446 - Revision : 9 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit fonts download page RuleID : 29445 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30	Stamp exploit kit PDF exploit retrieval attempt RuleID : 29131 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30	Stamp exploit kit malicious payload download attempt RuleID : 29130 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30	Stamp exploit kit jar exploit download - specific structure RuleID : 29129 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30	Stamp exploit kit plugin detection page RuleID : 29128 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28890 - Revision : 2 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28889 - Revision : 2 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28888 - Revision : 2 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 28887 - Revision : 2 - Type : FILE-PDF
2014-01-10	Styx exploit kit landing page request RuleID : 28478 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit outbound pdf request RuleID : 28477 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Win.Trojan.Bspire variant connection RuleID : 28439 - Revision : 5 - Type : MALWARE-CNC
2014-01-10	Himan exploit kit payload - Adobe Reader compromise RuleID : 28308 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Himan exploit kit landing page RuleID : 28307 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - readme.dll RuleID : 27898 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - calc.dll RuleID : 27897 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - contacts.dll RuleID : 27896 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - info.dll RuleID : 27895 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - about.dll RuleID : 27894 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Teletubbies exploit kit payload download RuleID : 27889 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Teletubbies exploit kit payload download RuleID : 27888 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 9 RuleID : 27880 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Teletubbies exploit kit exploit attempt for Adobe Acrobat Reader 8 RuleID : 27879 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit malicious redirection attempt RuleID : 27815 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit landing page request RuleID : 27814 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit landing page with payload RuleID : 27813 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	iFramer toolkit injected iframe detected - specific structure RuleID : 27271 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit outbound traffic RuleID : 27144-community - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit outbound traffic RuleID : 27144 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit landing page RuleID : 27143 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit landing page RuleID : 27142 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit landing page RuleID : 27141 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Private exploit kit numerically named exe file dowload RuleID : 27140 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Nailed exploit kit jmxbean remote code execution exploit download - autopwn RuleID : 27083 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 27072 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 27071 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jovf RuleID : 27042-community - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jovf RuleID : 27042 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jlnp RuleID : 27041-community - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jlnp RuleID : 27041 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jorg RuleID : 27040-community - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jorg RuleID : 27040 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page in.php base64 uri RuleID : 26834-community - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page in.php base64 uri RuleID : 26834 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Goon/Infinity/Redkit exploit kit short jar request RuleID : 26808 - Revision : 11 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit landing page RuleID : 26807 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit short JNLP request RuleID : 26806 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit encrypted binary download RuleID : 26805 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page RuleID : 26804 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit landing page - specific structure RuleID : 26653 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Impact/Stamp exploit kit landing page RuleID : 26600 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Impact/Stamp exploit kit landing page RuleID : 26599 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sakura exploit kit pdf download detection RuleID : 26539 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Sakura exploit kit landing page received RuleID : 26538 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Sakura exploit kit jar download detection RuleID : 26537 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Stamp exploit kit landing page RuleID : 26536 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit landing page - specific structure RuleID : 26535 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - info.dll RuleID : 26508 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit jar file downloaded RuleID : 26434 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit landing page RuleID : 26384 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit landing page RuleID : 26383 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit java exploit request RuleID : 26377 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit landing page redirection RuleID : 26351 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	TDS redirection - may lead to exploit kit RuleID : 26350 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit obfuscated portable executable RuleID : 26349 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit java exploit delivery RuleID : 26348 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit java exploit request RuleID : 26347 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit payload requested RuleID : 26346 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit landing page RuleID : 26345 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit landing page redirection RuleID : 26344 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page RuleID : 26343 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page - specific structure RuleID : 26342 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page RuleID : 26341 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval - ff.php RuleID : 26339 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	IFRAMEr injection detection - leads to exploit kit RuleID : 26338 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page - specific structure RuleID : 26337 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit redirection page RuleID : 26297 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit landing page RuleID : 26296 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Watering Hole Campaign applet download RuleID : 26294 - Revision : 5 - Type : FILE-OTHER
2014-01-10	Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Impact exploit kit landing page RuleID : 26252 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page RuleID : 26233 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page RuleID : 26232 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 26227 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page RuleID : 26094 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 26091 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit landing page RuleID : 26090 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Crimeboss exploit kit - Java exploit download RuleID : 26039 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Crimeboss exploit kit - Java exploit download RuleID : 26038 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit iframe redirection attempt RuleID : 26033 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page RuleID : 26031 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit landing page RuleID : 25989 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit landing page RuleID : 25988 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit redirection RuleID : 25971 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Oracle Java JMX class arbitrary code execution attempt RuleID : 25834 - Revision : 6 - Type : FILE-JAVA
2014-01-10	Oracle Java malicious class download attempt RuleID : 25833 - Revision : 6 - Type : FILE-JAVA
2014-01-10	Oracle Java JMX class arbitrary code execution attempt RuleID : 25832 - Revision : 7 - Type : FILE-JAVA
2014-01-10	Oracle Java JMX class arbitrary code execution attempt RuleID : 25831 - Revision : 5 - Type : FILE-JAVA
2014-01-10	Oracle Java malicious class download attempt RuleID : 25830 - Revision : 12 - Type : FILE-JAVA
2014-01-10	Whitehole exploit kit landing page RuleID : 25806 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Whitehole exploit kit Java exploit retrieval RuleID : 25805 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Whitehole exploit kit malicious jar download attempt RuleID : 25804 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit 32-alpha jar request RuleID : 25798 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection successful RuleID : 25611 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25598 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25597 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25596 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25595 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25594 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25593 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page - specific structure RuleID : 25591 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific structure RuleID : 25590 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool Exploit Kit SWF file download RuleID : 25576 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Cool Exploit Kit SWF file download RuleID : 25575 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Cool Exploit Kit SWF file download RuleID : 25574 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Cool Exploit Kit SWF file download RuleID : 25573 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page RuleID : 25569 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 25568 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Red Dot executable retrieval attempt RuleID : 25540 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Red Dot java retrieval attempt RuleID : 25539 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Red Dot landing page RuleID : 25538 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple Exploit Kit Payload detection - setup.exe RuleID : 25526 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25510 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf exploit retrieval RuleID : 25509 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25508 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf exploit retrieval RuleID : 25507 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25506 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25505 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	JavaScript contained in an xml template embedded in a pdf attempt RuleID : 25475 - Revision : 8 - Type : FILE-PDF
2014-01-10	Oracle Java JMX class arbitrary code execution attempt RuleID : 25473 - Revision : 6 - Type : FILE-JAVA
2014-01-10	Oracle Java JMX class arbitrary code execution attempt RuleID : 25472 - Revision : 12 - Type : FILE-JAVA
2014-01-10	Sweet Orange exploit kit obfuscated payload download RuleID : 25391 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - specific structure RuleID : 25390 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - specific structure RuleID : 25389 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection successful RuleID : 25388 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - readme.exe RuleID : 25387 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - about.exe RuleID : 25386 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - calc.exe RuleID : 25385 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - contacts.exe RuleID : 25384 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - info.exe RuleID : 25383 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit malicious jar file dropped RuleID : 25382 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25328 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf exploit retrieval RuleID : 25327 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25326 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf exploit retrieval RuleID : 25325 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page detected RuleID : 25324 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25323 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25322 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit malicious jar archive download RuleID : 25302 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	redirect to malicious java archive attempt RuleID : 25301 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Redkit exploit kit redirection attempt RuleID : 25255 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit portable executable download request RuleID : 25140 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit eot outbound connection RuleID : 25139 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit pdf outbound connection RuleID : 25138 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit jar outbound connection RuleID : 25137 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection RuleID : 25136 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Styx Exploit Kit outbound connection RuleID : 25135 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit 32-bit font file download RuleID : 25056 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit 64-bit font file download RuleID : 25055 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit requesting payload RuleID : 25045 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - specific structure RuleID : 25044 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit url structure detected RuleID : 25043 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page detected RuleID : 24888 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page in an email RuleID : 24865 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific-structure RuleID : 24864 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page in an email RuleID : 24863 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific-structure RuleID : 24862 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page in an email RuleID : 24861 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific-structure RuleID : 24860 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - JAR redirection RuleID : 24840 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange exploit kit landing page - specific structure RuleID : 24839 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange User-Agent - contype RuleID : 24838 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Sweet Orange initial landing page RuleID : 24837 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Possible malicious Jar download attempt - specific-structure RuleID : 24798-community - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Possible malicious Jar download attempt - specific-structure RuleID : 24798 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit 64-bit font file download RuleID : 24784 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit 32-bit font file download RuleID : 24783 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit outbound request RuleID : 24782 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit outbound request RuleID : 24781 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit - PDF Exploit RuleID : 24780 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit - PDF Exploit RuleID : 24779 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page - Title RuleID : 24778 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection successful RuleID : 24638 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection page - specific structure RuleID : 24637 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection page - specific structure RuleID : 24636 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page download attempt RuleID : 24608 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page received - specific structure RuleID : 24593 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page download attempt RuleID : 24548 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page download attempt RuleID : 24547 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page download attempt RuleID : 24546 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole admin page outbound access attempt RuleID : 24544 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole admin page inbound access attempt RuleID : 24543 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit fallback executable download RuleID : 24501 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole - Cookie Set RuleID : 24475 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page Received RuleID : 24228 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 - URI Structure RuleID : 24227 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page received RuleID : 24226 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole possible email Landing to 8 chr folder RuleID : 24171 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure RuleID : 24054 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure RuleID : 24053 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - fewbgazr catch RuleID : 23962 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - hwehes RuleID : 23850 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection attempt RuleID : 23849 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection attempt RuleID : 23848 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection page RuleID : 23797 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - Math.round catch RuleID : 23786 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - Math.floor catch RuleID : 23785 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 23781 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page request - tkr RuleID : 23622 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch ... RuleID : 23619 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	JavaScript contained in an xml template embedded in a pdf attempt RuleID : 23612 - Revision : 11 - Type : FILE-PDF
2014-01-10	JavaScript contained in an xml template embedded in a pdf attempt RuleID : 23611 - Revision : 10 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 23524 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 23523 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malicious TIFF remote code execution attempt RuleID : 23522 - Revision : 5 - Type : FILE-PDF
2014-01-10	Possible unknown malicious PDF RuleID : 23521 - Revision : 5 - Type : FILE-PDF
2014-01-10	Possible unknown malicious PDF RuleID : 23520 - Revision : 5 - Type : FILE-PDF
2014-01-10	Possible malicious pdf cve-2010-0188 string RuleID : 23519 - Revision : 3 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 23518 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 23517 - Revision : 5 - Type : FILE-PDF
2014-01-10	Adobe Acrobat JavaScript getIcon method buffer overflow attempt RuleID : 23503 - Revision : 4 - Type : FILE-PDF
2014-01-10	Adobe Acrobat JavaScript getIcon method buffer overflow attempt RuleID : 23502 - Revision : 4 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader javascript getIcon method buffer overflow attempt RuleID : 23501 - Revision : 6 - Type : FILE-PDF
2014-01-10	Blackhole exploit kit landing page download attempt RuleID : 23159 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 23158 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Nuclear Pack exploit kit binary download RuleID : 23157 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Nuclear Pack exploit kit landing page RuleID : 23156 - Revision : 11 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection attempt RuleID : 22949 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole Exploit Kit javascript service method RuleID : 22088 - Revision : 12 - Type : EXPLOIT-KIT
2014-01-10	Blackhole landing redirection page RuleID : 22041 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole suspected landing page RuleID : 22040 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole suspected landing page RuleID : 22039 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit landing page with specific structure - Loading RuleID : 21876 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Possible exploit kit post compromise activity - taskkill RuleID : 21875 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Possible exploit kit post compromise activity - StrReverse RuleID : 21874 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10	Blackhole exploit kit landing page with specific structure - catch RuleID : 21661 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page Requested - /Index/index.php RuleID : 21660 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page Requested - /Home/index.php RuleID : 21659 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 21658 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page - specific structure RuleID : 21657 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646-community - Revision : 16 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646 - Revision : 16 - Type : EXPLOIT-KIT
2014-01-10	Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - BBB RuleID : 21581 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific header RuleID : 21549 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific header RuleID : 21539 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Possible malicious pdf cve-2010-0188 string RuleID : 21537 - Revision : 4 - Type : FILE-PDF
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492-community - Revision : 22 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492 - Revision : 22 - Type : EXPLOIT-KIT
2014-01-10	Possible unknown malicious PDF RuleID : 21453 - Revision : 7 - Type : FILE-PDF
2014-01-10	Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438-community - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Possible unknown malicious PDF RuleID : 21429 - Revision : 10 - Type : FILE-PDF
2014-01-10	Blackhole exploit kit URL - search.php?page= RuleID : 21348 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit URL - .php?page= RuleID : 21347 - Revision : 12 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit malicious jar download RuleID : 21346 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit malicious jar request RuleID : 21345 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit pdf download RuleID : 21344 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit pdf request RuleID : 21343 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit response RuleID : 21259 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit control panel access RuleID : 21141 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 21045 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 21044 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit post-compromise download attempt - .php?e= RuleID : 21043 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit post-compromise download attempt - .php?f= RuleID : 21042 - Revision : 11 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit URL - main.php?page= RuleID : 21041 - Revision : 12 - Type : EXPLOIT-KIT
2014-01-10	Adobe Acrobat Reader malicious TIFF remote code execution attempt RuleID : 20577 - Revision : 13 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 18585 - Revision : 13 - Type : FILE-PDF
2014-01-10	Adobe Acrobat JavaScript getIcon method buffer overflow attempt RuleID : 17472 - Revision : 9 - Type : FILE-PDF
2014-01-10	Adobe Acrobat JavaScript getIcon method buffer overflow attempt RuleID : 17471 - Revision : 9 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 17215 - Revision : 12 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt RuleID : 17214 - Revision : 12 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader javascript getIcon method buffer overflow attempt RuleID : 16554 - Revision : 17 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader malformed TIFF remote code execution attempt RuleID : 16490 - Revision : 15 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-47.nasl - Type : ACT_GATHER_INFO
2014-01-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0165.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO
2013-03-13	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130306.nasl - Type : ACT_GATHER_INFO
2013-03-12	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0626.nasl - Type : ACT_GATHER_INFO
2013-02-22	Name : The remote host contains a programming platform that is potentially affected ... File : oracle_java7_update11_unix.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0165.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1693-1.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130116_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d5e0317e5e4511e2a113c48508086173.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote Fedora host is missing a security update. File : fedora_2013-0888.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote Fedora host is missing a security update. File : fedora_2013-0868.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0165.nasl - Type : ACT_GATHER_INFO
2013-01-17	Name : The remote Fedora host is missing a security update. File : fedora_2013-0853.nasl - Type : ACT_GATHER_INFO
2013-01-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0156.nasl - Type : ACT_GATHER_INFO
2013-01-14	Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java7_update11.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6161.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6879.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6121.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6881.nasl - Type : ACT_GATHER_INFO
2010-09-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-05.nasl - Type : ACT_GATHER_INFO
2010-03-04	Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-100225.nasl - Type : ACT_GATHER_INFO
2010-03-04	Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-100225.nasl - Type : ACT_GATHER_INFO
2010-03-04	Name : The remote openSUSE host is missing a security update. File : suse_11_2_acroread-100225.nasl - Type : ACT_GATHER_INFO
2010-03-04	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_acroread-100225.nasl - Type : ACT_GATHER_INFO
2010-02-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0114.nasl - Type : ACT_GATHER_INFO
2010-02-17	Name : The version of Adobe Reader on the remote Windows host is affected by multipl... File : adobe_reader_apsb10-07.nasl - Type : ACT_GATHER_INFO
2010-02-17	Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb10-07.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-090325.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-090415.nasl - Type : ACT_GATHER_INFO
2009-08-28	Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_91.nasl - Type : ACT_GATHER_INFO
2009-08-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0974.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-090325.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-090325.nasl - Type : ACT_GATHER_INFO
2009-04-21	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-17.nasl - Type : ACT_GATHER_INFO
2009-03-27	Name : The remote openSUSE host is missing a security update. File : suse_acroread-6120.nasl - Type : ACT_GATHER_INFO
2009-03-11	Name : The PDF file viewer on the remote Windows host is affected by multiple vulner... File : adobe_reader_91.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-24 17:19:02	Multiple Updates
2013-05-24 17:19:01	Multiple Updates
2013-05-24 13:18:26	Multiple Updates
2013-05-24 09:18:28	Multiple Updates
2013-05-24 05:18:29	Multiple Updates
2013-05-24 00:18:21	Multiple Updates
2013-05-23 21:18:43	Multiple Updates
2013-05-23 17:19:02	Multiple Updates
2013-05-23 13:19:13	Multiple Updates
2013-05-23 09:19:05	Multiple Updates
2013-05-23 05:18:58	Multiple Updates
2013-05-23 00:19:08	Multiple Updates
2013-05-23 00:19:07	First insertion

Global Informations

Type	Count
CWE ID(s)	3
Oval ID(s)	11
CPE ID(s)	103
Saint Exploit(s)	3
osvdb(s)	2
ExploitDB Exploit(s)	2
Openvas Exploit(s)	10
Snort® Rule(s)	339
Nessus® Exploit(s)	38

	Related
10	CVE-2013-0422
9.3	CVE-2010-0188
9.3	CVE-2009-0927
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)