Sign of "CVE-2007-3896 [Expl] J" ..............

[polonus]

Hi malware fighters,

While trying to place a downloaded pdf file into a folder, avast warned me for sign of "CVE-2007-3896 ;Expl] J", see: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3896
I placed the file into the chest. I already updated to the latest known version of Adobe.
What more should I do? These Uri-handler problems with IE7 are driving me nuts, time for M$ to come up with a real solution, and not to blame it on other software that implement their crap.
Good thing avast save my glorious behind again. Thanks avast.

polonus

[DavidR]

It is nice to see that avast has a detection for this, though I'm not sure if it might not be an FP.

I would have though that this would have been something like a web shield detection coming from a modified URL to call the other application, rather than downloading it and only when it was put in a folder did it alert.

I'm not sure this exploit is actually in a pdf file, rather on the web page URL ?
Probably worth a visit to VirusTotal - Multi engine on-line virus scanner and confirm the detection. You can't do this with the file in the chest, you will need to move it out (export).

[polonus]

Hi DavidR,

Funny you say that because that crossed my mind as well - FP. Because why did not avast alarm when I downloaded it, but roars at me touching the bastard? Anyways cannot do any harm in the chest, and later I can do an online check on the files perimeters of the download.
I do not like it but occasionally when avast turns its head, I think "oh it is still doing its job"..

Ta,


polonus

[DavidR]

Whilst it can't do any harm in the chest I like to confirm detections and I don't feel comfortable until I have that done.

If an FP exists submit the sample so it doesn't potentially effect others.

[kubecj]

Polonus, please send the sample directly to me. I'd like to check if there may be FP, the method I used in the detection is quite generic.