Exploiting vulnerabilities through SWF
Another format used on a massive scale to exploit weaknesses in computers is the Small Web Format file, .swf. These files are often injected with exploit code that targets one particular bug.
The same wave of attacks using malicious JavaScript, mentioned in the post on exploiting vulnerabilities through .js files, was combined with other alternatives such as this one.
In this case the attack exploits a vulnerability in Adobe Flash Player described in CVE-2007-0071, whereby a maliciously manipulated .swf file causes a buffer overflow, allowing a remote attacker to execute arbitrary code.
This means that if the user visits, for example, the URL http://www.710sese.cn/a1/ (59.34.197.115), the file f16.swf (MD5: 95EC9202FBE74D508205442C49825C08) will run; according to the VirusTotal report, it is detected by 18 of the 39 antivirus engines that scanned the sample. The exploit embedded in the .swf file takes advantage of the vulnerability if the application is installed and vulnerable.
Some of the URLs used to distribute the file are:
After successful exploitation on the computer, it downloads the binary a1.css from http://d.aidws.com /new, malicious code that we have already mentioned in another post.
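For triaging samples like the ones described above, the following added example (not code from the original post) parses the SWF header, compares the declared length with the real one, matches the MD5 quoted in the post, and checks whether a download named like a1.css is really an executable. The function names, the size cap and the assumption that the binary is a Windows PE starting with `MZ` are illustrative, and the sample bytes are constructed.

```python
import hashlib
import struct
import zlib

KNOWN_MD5 = {"95ec9202fbe74d508205442c49825c08"}  # f16.swf, from the post
MAX_UNPACKED = 64 * 1024 * 1024  # cap on decompressed size (assumed limit)
LURE_EXT = (".css", ".js", ".jpg", ".gif", ".png", ".txt")

def triage_swf(data: bytes) -> dict:
    """Parse the 8-byte SWF header and flag basic inconsistencies."""
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS", b"ZWS"):
        return {"is_swf": False}
    sig, version = data[:3].decode("ascii"), data[3]
    declared = struct.unpack_from("<I", data, 4)[0]  # uncompressed length, LE
    actual = None
    if sig == "FWS":  # uncompressed
        actual = len(data)
    elif sig == "CWS":  # zlib-compressed after the header
        try:
            actual = 8 + len(zlib.decompressobj().decompress(data[8:], MAX_UNPACKED))
        except zlib.error:
            pass  # corrupt stream: leave actual as None so it is flagged
    return {
        "is_swf": True, "signature": sig, "version": version,
        "declared_len": declared, "actual_len": actual,
        # ZWS (LZMA) bodies are not unpacked here, so they are never flagged
        "length_mismatch": sig != "ZWS" and actual != declared,
        "known_bad": hashlib.md5(data).hexdigest() in KNOWN_MD5,
    }

def disguised_executable(filename: str, data: bytes) -> bool:
    """True when a file with a harmless-looking extension starts with 'MZ'."""
    return filename.lower().endswith(LURE_EXT) and data[:2] == b"MZ"

def make_sample(sig: bytes, body: bytes, declared=None) -> bytes:
    """Build a constructed SWF-shaped byte string (not a real movie)."""
    length = 8 + len(body) if declared is None else declared
    payload = zlib.compress(body) if sig == b"CWS" else body
    return sig + bytes([9]) + struct.pack("<I", length) + payload

if __name__ == "__main__":
    body = b"\x00" * 32  # constructed filler, no real tags
    for name, blob in [("plain", make_sample(b"FWS", body)),
                       ("packed", make_sample(b"CWS", body)),
                       ("tampered", make_sample(b"FWS", body, declared=4096))]:
        print(name, triage_swf(blob))
    print("a1.css", disguised_executable("a1.css", b"MZ\x90\x00"))
```

A length mismatch or an unreadable compressed body is only a reason to look closer, not proof of an exploit; the hash match and the extension/content check are the stronger signals here.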
Related information
Exploitation of vulnerabilities through JS
Jorge Mieres