Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14337
HistorySep 20, 2006 - 12:00 a.m.

[Full-disclosure] [SECURITY] Sunbelt Software: New Microsoft Internet Explorer Expolit - 9-18-2006

2006-09-2000:00:00
vulners.com
12
JSON

Sunbelt Software Security Advisory

Description:

A new Microsoft Internet Explorer exploit has been found in the wild by
Sunbelt Software Security Researchers.

This exploit uses a buffer overflow in the IE's VML code to execute code
remotely. Contact [email protected] for further information.

Analysis:

Analysis information and exploit code has been released to security
companies and security researchers. This exploit currently affects fully
patched versions of Microsoft Internet Explorer 6 on Windows XP Home and
Windows XP Professional. Other Microsoft Windows versions and Microsoft
Internet Explorer versions are being tested.

Chronology:

9/15/2006 - Found in the wild but was unable to confirm.
9/18/2006 - Reliable exploit found on multiple websites.
9/18/2006 - Exploit used to install Virtumonde.
9/18/2006 - Exploit websites changed to install Virtumonde plus the
following malware - Trojan-PSW.Win32.Sinowal.aq, BookedSpace Browser
Plug-in , AvenueMedia.InternetOptimizer, Claria.GAIN.CommonElements,
Mirar Toolbar, 7FaSSt Toolbar, webHancer, Trojan.SvcHost, Trojan.Delf,
Begin2Search Toolbar, MediaMotor Trojan Downloader,
Trojan-Downloader.Winstall, TargetSaver Browser Plug-in, InternetOffers
Adware, SurfSideKick, Trojan.Vxgame , SafeSurfing.RsyncMon,
Trojan-Downloader.Small , Freeprod/Toolbar888,
ConsumerAlertSystem.CASClient, SpySheriff, Trojan-Downloader.Qoologic,
Zenotecnico, Command Service , WebNexus, Webext Browser Plug-in,
CWS.Dialerz, DollarRevenue , Trojan-Downloader.Gen, Danmec.B-dll,
Traff-Acc , EliteMediaGroup , NetMon, TagASaurus,
Trojan-Downloader.Win32.Small.awa, FullContext.EQAdvice,
Trojan-Clicker.Win32.VB.ij, Yazzle.Cowabanga Misc, Backdoor.Shellbot,
Trojan.Danmec , TopInstalls.Banners, Trojan-Dropper.Delf.VA,
Adware.Batty, Trojan-Downloader.Win32.Small.cyh, Toolbar.CommonElements,
Trojan.Win32.PePatch.dw , Backdoor.Win32.Delf.aml, BookedSpace.
9/18/2006 - Reported to Microsoft Security and other Security Companies
and Researchers

Credits:

Adam Thomas, Security Researchers at Sunbelt Software
Eric Sites, VP of Research & Development at Sunbelt Software
Security Research Team at Sunbelt Software

Related Links:

http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-be
ing.html
http://research.sunbelt-software.com/
http://www.sunbelt-software.com/

Copyright (c) 2006 Sunbelt Software

Eric Sites
VP of Research & Development
Sunbelt Software
[email protected]

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON