ActiveX File Overwrite Delete Vulnerabilities - Continued
In a blog article from last year, I discussed the rise in popularity of exploits using ActiveX overwrite delete vulnerabilities due to their ease of use. Since that time, we have seen over 100 such vulnerabilities. Microsoft requires developers of ActiveX controls to mark their controls not safe for scripting if they can arbitrarily write or delete files. However, developers who do not realize the security implications or the full capabilities of their ActiveX control often fail to do so, allowing unauthorized remote users to arbitrarily write files to disk. In some cases, the ActiveX control does not even need to be installed by the user, as was the case with the Access Snapshot Viewer ActiveX Vulnerability.

Recently we've seen a sharp rise in these types of vulnerabilities and have discovered them being exploited in the wild as part of an exploit pack. Symantec's DeepSight honeypots observed the exploit pack attack leverage a number of older ActiveX overwrite delete vulnerabilities, which had not been previously seen in the wild. The attack contained exploits for ActiveX overwrite delete vulnerabilities in Microsoft, Yahoo, C6, Macrovision, Zenturi, Clever Internet suite, JetAudio, and other ActiveX controls.

Exploits for these vulnerabilities are detected by IPS NIS, NAV, N360, SEP, and SCS products as:

- HTTP SnapShot Viewer ActiveX File Download
- HTTP EDraw Flowchart ActiveX Overwrite
- HTTP Yahoo Messenger CYFT Ctrl GetFile
- HTTP Clever Internet Suite Overwrite
- HTTP Zenturi PogramChecker DownloadUrl ActiveX File Overwrite
- HTTP Cowon jetAudio ActiveX Dir Trav.
- HTTP C6 Messenger ActiveX File Overwrite
- HTTP MacroVision FlexNet USWA ActiveX BO

Encoded versions of these exploits are detected by Symantec Browser Protection NIS 2008, NAV 2008, N360 v2 as:

- MSIE MS Snapshot ActiveX File Download
- MSIE EDraw Flowchart File Overwrite
- MSIE Yahoo Messenger GetFile Method File Upload
- MSIE Clever Internet ActiveX File Overwrite
- MSIE Zenturi ProgramChecker ActiveX File Overwrite
- MSIE jetAudio JetFlExt ActiveX Insecure Method
- MSIE C6 Messenger Suspicious File Download
- MSIE InstallShield Macrovision ActiveX BO

Additionally, Symantec antivirus programs will detect this attack as Downloader.

Various toolkits provide heavily obfuscated exploits to evade IDS. Symantec customers are protected against these attacks because Symantec products have a built-in Browser Protection feature that defends against obfuscated code attacks using ActiveX, JavaScript, VBScript, and drive-by downloads.

While application security improves and the technical difficulty of exploiting memory corruption flaws continues to increase, a number of easier-to-exploit and more reliable attack vectors still remain. ActiveX overwrite delete vulnerabilities are trivial to exploit, and that's why many malicious toolkits contain exploits for these vulnerabilities. Unfortunately, we can expect continued discovery and exploitation of these vulnerabilities in the future.