lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Old Hack?

Steffen Kluge <kluge@...itsu.com.au> replied to "axid3j1al":

> > Has anyone see this little code injection hack.
> > 
> > Is this old?
> 
> According to Trend AV, this is JS_PETCH.A, first discovered 6-Nov-2003.

And you _believe_ that??

That is a totally bogus name/detection.

What Trend wants to tell you is that the code is an attempt to exploit 
the ADODB bug in IE, whereby you couls overwrite arbitrary local files. 
The first (?) PoC publicy posted contained code very like what was 
posted here, replacing WMP and then trying to launch something that 
would, on a default Windows install, cause the replaced WMP to be 
executed.

To name a detection for a generic "attempt to exploit a vulnerability" 
as if it were a specific, individual entity (as suggested by the name 
you cite) is somewhere well south of utterly bogus...

However, I agree it is an old exploit.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ