Blog de Zscaler

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Suscríbase
Security Research

Exploit Targeting A 7 Year Old Vulnerability? Really?

image
THREATLABZ
julio 16, 2010 - 2 Min de lectura

We’ve actually spotted in-the-wild exploitation of “Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness” (Bugtraq ID 10514), a vulnerability first released in 2003. The exploit does get a little more modern as the code also targets vulnerability from 2009 (MS09-002). Here is a screenshot of the live infected page,

ImageThe malicious obfuscated JavaScript has been injected at the bottom of webpage. Let’s decode it. Here is the small part of the decoded script.

 

ImageFrom the above code, it is clear that it is targeting the ADODB.Stream vulnerability from 2003. Here is the other part of the decoded content which exploits the MS09-002 vulnerability.

ImageI am not going into the more details of this exploit as the code is pretty self explanatory. It is going to download additional malicious binaries and execute them on the system. The author who discovered this older ADODB.Stream vulnerability has posted a proof-of-concept. For those interested, an explanation of the MS09-002 vulnerability can be found here.

Virustotal results for the infected webpage show it being detected by 13 of 41 AV engines – not very impressive results for a seven year old vulnerability. It would appear that no matter how old vulnerabilities are, attackers will still try to leverage them as weapon. Hopefully most people have patched their systems at some point during the past seven years. Sadly, despite the age of the vulnerability, the use of JavaScript obfuscation has made this attack a challenge for AV vendors – a topic that we’ve discussed in the past.

Umesh

form submtited
Gracias por leer

¿Este post ha sido útil?

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Al enviar el formulario, acepta nuestra política de privacidad.