CPE: McAfee AudioParasitic: Episode 51: bundled attack
length: 00:15:21
IE vulnerability:
every single version 5-7 & every single OS venerability
Specially crafted XML – remote exec
Combination of exploitantion to system that is vulnerable
to SQL injection & this IE vulnerability is explosive
MS release OOB patch
SQL injection & cross site scripted vulnerability makes
this very bad
That last year advice: do not got site that you don’t trust
is not valid anymore
Now with SQL injection it’s really difficult to tell whether
website can be trust or not.
Compromised trusted website with SQL injection
Blended attack: sending attachment – a document &
have active-X that redirect to malicious site
INTERESTING:
Defense time line: it appears that this particular
vulnerability may have been sold –in underground scene for some months in
advanced.
In avertedly it
was described in detail – thinking this has been patched- it leads to wide
spread of the exploitation of this
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home