A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third-party desktop software.
According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile advertiser on the Internet. The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader.
Here’s a list of the exploits associated with this attack:
* Microsoft DirectShow (CVE-2008-0015)
* Microsoft Snapshot Viewer (CVE-2008-2463)
* Microsoft Data Access Components (MDAC) (CVE-2006-0003)
* AOL ConvertFile() remote buffer overflow exploit
Websense said the rigged site also comes with an auto-loading malicious PDF file that attempts to exploit these vulnerabilities:
* Adobe Reader and Acrobat 8.1.1 buffer overflow (CVE-2007-5659)
* Adobe Acrobat and Reader 8.1.2 buffer overflow (CVE-2008-2992)
If the user’s browser is successfully exploited, Websense says a malicious file is downloaded from another, collaborating exploit site and run in the user’s Windows home directory.
The company’s blog has screenshots of the attack site.
Thanks: ZDNet