Exploit.Html.Ieslice.P
VERY HIGH
LOW
~ 10 Kb
Symptoms
This is a downloader script, so you will most likely notice the effect of the malware it downloads. The malware that this script downloads is now detected as Trojan.Proxy.Ranky.GG
Removal instructions:
Please let BitDefender disinfect your computer.
Analyzed By
Mihai Cimpoesu, Virus Researcher
Technical Description:
It comes as an embedded, heavily obfuscated JS script inside an HTML page that displays a "404 - Document not found" error message.
It exploits the Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability to execute download code stored in a JS unescape sequence, which then downloads the malware found at http://lakisman.info/logo/[removed]
If this exploit fails, the script has a second way to download the malware: a vulnerability in the ADODB.Stream object from Internet Explorer. A description of this vulnerability can be found here: http://support.microsoft.com/default.aspx?scid=kb;EN;870669
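For triage of saved pages, the traits described above (nested unescape sequences, the two object names, an error page that still carries script) can be checked statically. The following is an added example, not BitDefender's detection logic; the function names, the nesting limit and the run-length threshold are assumptions, and the sample page is constructed and inert.

```python
import re

# Strings named in the description above; matched case-insensitively.
INDICATORS = ("WebViewFolderIcon", "ADODB.Stream")
UNESCAPE_CALL = re.compile(r"""unescape\(\s*(["'])(.*?)\1\s*\)""", re.I | re.S)
ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
U_RUN = re.compile(r"(?:%u[0-9a-fA-F]{4})+")
MAX_LAYERS = 3      # assumption: nesting depth worth peeling
U_RUN_LIMIT = 32    # assumption: %u units before a run looks like binary data


def decode_unescape(arg):
    """Decode %uXXXX and %XX the way JavaScript unescape() does, in one pass."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), arg)


def scan_page(html):
    """Statically triage one HTML document; nothing in it is executed."""
    layers = [html]
    for _ in range(MAX_LAYERS):
        decoded = [decode_unescape(m.group(2)) for m in UNESCAPE_CALL.finditer(layers[-1])]
        if not decoded:
            break
        layers.append("\n".join(decoded))
    text = "\n".join(layers).lower()
    hits = [name for name in INDICATORS if name.lower() in text]
    longest = max((len(m.group(0)) // 6 for m in U_RUN.finditer(html)), default=0)
    decoy = bool(re.search(r"404|not found", html, re.I)) and "<script" in html.lower()
    return {
        "indicators": hits,
        "unescape_layers": len(layers) - 1,
        "longest_u_run": longest,
        "error_page_with_script": decoy,
        "suspicious": bool(hits) or longest >= U_RUN_LIMIT,
    }


def _esc(s):
    """Percent-encode every character, as an obfuscator would (sample helper)."""
    return "".join("%%%02X" % ord(c) for c in s)


# Constructed, inert sample: encoded names and filler only, no exploit logic.
_INNER = 'unescape("%s")' % _esc("ADODB.Stream")
SAMPLE = (
    "<html><body><h1>404 - Document not found</h1><script>"
    + 'var a = unescape("%s");' % _esc("WebViewFolderIcon; " + _INNER)
    + 'var b = unescape("%s");' % ("%u4141" * 40)
    + "</script></body></html>"
)

if __name__ == "__main__":
    print(scan_page(SAMPLE))
```

Obfuscation that builds strings at run time (concatenation, eval, custom decoders) is not unwrapped by this check, so a clean result does not clear a page.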