VPNの脆弱性に関する不安が広がっています。ZPAの60日間無料トライアルを利用して、VPNからの移行のメリットをお確かめください。

Zscalerのブログ

Zscalerの最新ブログ情報を受信

購読する
セキュリティリサーチ

Exploit In The Wild For MS06-014 – A Five Year Old Vulnerability

image
THREATLABZ
1月 20, 2011 - 1 分で読了
Although 0day vulnerabilities receive all the attention, it’s not unusual to see attackers still taking advantage of old vulnerabilities to attack end users. Here's such an example where the vulnerability used was MS06-014 – a five year old vulnerability!. hxxp://www.win0day.com/win/6.htm delivers an obfuscated JavaScript exploit for this attack. Back in 2006 Metasploit released exploit code for this vulnerability.

Lets look at obfuscated JavaScript used:
    Image

The de-obfuscated code looks like this:
Image
The exploit takes advantage of vulnerable ActiveX object “RDS.DataControl” having classid “BD96C556-65A3-11D0-983A-00C04FC29E36”. The exploit is designed to download executable files, which are then stored on victim's machine. This executable file path in the exploit is as follows:
Image
This in turn decodes to:
Image
Virustotal results indicate that 21/43 AV engines have protection against this Trojan – a concerning statistic considering the age of the exploit used to deploy the malware. Virustotal’s URL submission indicates that malware URL was submitted on 2010-11-18 and still is in active state. Why would attackers continue to leverage such an old vulnerability? Sadly, as we have shown in our quarterly reports, nearly one in five corporate users still employ Internet Explorer 6, a nine year old web browser.

Pradeep
form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

dots pattern

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。