Open Source and information security mailing list archives
 
Message-ID: <40203C46.21590.1CD1877D@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Old Hack?

Steffen Kluge <kluge@...itsu.com.au> replied to "axid3j1al":

> > Has anyone seen this little code injection hack?
> > 
> > Is this old?
> 
> According to Trend AV, this is JS_PETCH.A, first discovered 6-Nov-2003.

And you _believe_ that??

That is a totally bogus name/detection.

What Trend wants to tell you is that the code is an attempt to exploit 
the ADODB bug in IE, whereby you could overwrite arbitrary local files. 
The first (?) PoC publicly posted contained code very like what was 
posted here, replacing WMP and then trying to launch something that 
would, on a default Windows install, cause the replaced WMP to be 
executed.

To name a detection for a generic "attempt to exploit a vulnerability" 
as if it were a specific, individual entity (as suggested by the name 
you cite) is somewhere well south of utterly bogus...

However, I agree it is an old exploit.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

