33 matches found
Microsoft Windows OLE Obfuscated Automation Array Remote Code Execution (CVE-2014-6332)
A new obfuscation technique of remote code execution vulnerability has been reported in Microsoft Windows Object Linking and Embedding OLE. The vulnerability is due to an improper access to memory objects by Internet Explorer. A remote attacker can exploit this issue by enticing target users to...
ThreatList: Exploit Kits Still a Top Web-based Threat
What we can glean from a 2018 roundup of current web-threats is old vulnerabilities die hard. In a report, released by Palo Alto Networks Unit 42, researchers said so far this year cybercriminals are targeting unpatched PCs with ancient CVEs and well-known exploit kits. Here is a ThreatList from...
Malvertising Campaign Redirects Browsers To Terror Exploit Kit
Security experts are warning some “Quit Smoking” and “20 Minute Fat Loss” ads online are delivering more than sales pitches. According to researchers at Zscaler, ads are redirecting browsers to malicious landing pages hosting the Terror exploit kit. The campaigns have been sustained, with the...
EternalBlue Exploit Spreading Gh0st RAT, Nitol
EternalBlue, the exploit used in the WannaCry ransomware outbreak, is now being leveraged to distribute the Nitol backdoor and Gh0st RAT malware. Security researchers at FireEye said, just as WannaCry criminals did, threat actors are leveraging the same Microsoft Server Message Block SMB protocol...
Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads
The “EternalBlue” exploit MS017-010 was initially used by WannaCry ransomware and Adylkuzz cryptocurrency miner. Now more threat actors are leveraging the vulnerability in Microsoft Server Message Block SMB protocol – this time to distribute Backdoor.Nitol and Trojan Gh0st RAT. FireEye Dynamic...
IE Godmode remote code execution vulnerability, CVE-2014-6332)
No description provided by source. alliedve.htm // alliewin95+ie3-win10+ie11 dve copy by yuange in 2009. cve-2014-6332 exploit https://twitter.com/yuange75 http://hi.baidu.com/yuange1975 // function runmumaa On Error Resume Next set shell=createobject"Shell.Application" shell.ShellExecute...
PowerShell used for spreading Trojan.Laziok through Google Docs
Introduction Through our multi-flow detection capability, we recently identified malicious actors spreading Trojan.Laziok malware via Google Docs. We observed that the attackers managed to upload the payload to Google Docs in March 2016. During the brief time it was live, users accessing the...
GongDa vs. Korean News
On Jan. 27, we observed visitors to a Korean news site being redirected to the GongDa Exploit Kit EK, potentially exposing them to malware infection. We will be referring to this site as KNS. GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful...
GongDa vs. Korean News
On Jan. 27, we observed visitors to a Korean news site being redirected to the GongDa Exploit Kit EK, potentially exposing them to malware infection. We will be referring to this site as KNS. GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful...
Cybercrime News Results In Cybercrime Blues
INTRODUCTION FireEye Labs recently spotted a 2011 article on cybercrime from the news site theguardian.com that redirects users to the Angler Exploit Kit. Successful exploitation by Angler resulted in a malware infection for readers of the article. A spokesperson for the guardian.com responded th...
IBM Security AppScan Standard <= 9.0.2 - OLE Automation Array Remote Code Execution
IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June 2015 Version: = 9.0.2 Tested on: Windows 7 Exploit Based on MS14-064 CVE-2014-6332 http://www.exploit-db.com/exploits/35229/ if...
Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)
Document Title: =============== Microsoft HTA HTML Application - Remote Code Execution Vulnerability MS14-064 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1576 Video: http://youtu.be/Vkswz7vt23M...
Microsoft HTA (HTML Application) Remote Code Execution
Document Title: =============== Microsoft HTA HTML Application - Remote Code Execution Vulnerability MS14-064 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1576 Video: http://youtu.be/Vkswz7vt23M...
MS HTA (HTML Application) - Code Execution (MS14-064)
Document Title: =============== MS HTA HTML Application - Code Execution MS14-064 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1576 Video: http://youtu.be/Vkswz7vt23M http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6332 CVE-ID: =======...
IBM Security AppScan 9.0.2 Remote Code Execution
!/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June 2015 Version: function runmumaa On Error Resume Next set...
IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution
!/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June 2015 Version: function runmumaa On Error Resume Next set shell=createobject"Shel...
Analysis of exploit kits(EXP)family members Archie and Astrum-vulnerability warning-the black bar safety net
Exploit kits(EXP)has been spread crimeware important tool. As the saying goes, know ourselves victorious, as security researchers, we must fully understand and analyze them. This article will introduce two of the latest popular Tools Pack-Archie and Astrum. Archie kit Archie kits in 8 months has...
Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution Exploit
This Metasploit module exploits Windows OLE Automation Array Vulnerability known as CVE-2014-6332. The vulnerability affects Internet Explorer 3.0 until version 11 within Windows95 up to Windows 10. Powershell is required on the target machine. On Internet Explorer versions using Protected Mode,...
Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/powershell' class Metasploit4 HttpClients::IE, :uaminver = "3.0", :uamaxver = "10.0", :javascript = true, :osname =...
MS14-064 Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution
This module exploits the Windows OLE Automation array vulnerability, CVE-2014-6332. The vulnerability is known to affect Internet Explorer 3.0 until version 11 within Windows 95 up to Windows 10, and no patch for Windows XP. However, this exploit will only target Windows XP and Windows 7 box due ...