[Emerging-updates] Daily Update Summary 28/12/2010

Matthew Jonkman jonkman at emergingthreatspro.com
Tue Dec 28 14:57:00 EST 2010


Lots of new goodies today.

       2012101 || ET EXPLOIT Oracle Virtual Server Agent Command Injection Attempt || url,exploit-db.com/exploits/15244/
       2012102 || ET ACTIVEX Image Viewer CP Gold Image2PDF Buffer Overflow || url,www.exploit-db.com/exploits/15658/
       2012103 || ET EXPLOIT D-Link bsc_wlan.php Security Bypass || url,packetstormsecurity.org/files/view/96100/dlinkwlan-bypass.txt

The regular load of new exploits; be sure to run these if you have the apps in place.


       2012104 || ET USER_AGENTS Known Malware User-Agent AdVantage || url,www.siteadvisor.com/sites/config.poweredbyadvantage.com
       2012105 || ET TROJAN AdVantage Malware URL Infection Report || url,www.siteadvisor.com/sites/config.poweredbyadvantage.com
       2801180 || ETPRO TROJAN Koobface.D Checkin || telus,FSC20101214-02
       2801205 || ETPRO MALWARE Cloudweb Spyware Reporting
       2801206 || ETPRO MALWARE Cloudweb Spyware Updating
       2801207 || ETPRO MALWARE Cloudweb Spyware Checkin Download
       2801209 || ETPRO MALWARE Generic Trojan with ludilo UA
       2801210 || ETPRO TROJAN GENERIC Infection Report in Email

Some new malware stuff.


       2012106 || ET WEB_CLIENT Hex Obfuscation of arguments.callee %u UTF-16 Encoding || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,cansecwest.com/slides07/csw07-nazario.pdf
       2012107 || ET WEB_CLIENT Hex Obfuscation of document.write %u UTF-16 Encoding || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,cansecwest.com/slides07/csw07-nazario.pdf
       2012108 || ET WEB_CLIENT Hex Obfuscation of charCodeAt %u UTF-16 Encoding || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,cansecwest.com/slides07/csw07-nazario.pdf
       2012109 || ET WEB_CLIENT Hex Obfuscation of String.fromCharCode %u UTF-16 Encoding || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,cansecwest.com/slides07/csw07-nazario.pdf
       2012110 || ET SHELLCODE Possible UTF-8 %u90 NOP SLED || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,cansecwest.com/slides07/csw07-nazario.pdf
       2012111 || ET SHELLCODE Possible UTF-16 %u9090 NOP SLED || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,cansecwest.com/slides07/csw07-nazario.pdf
       2012112 || ET SHELLCODE Possible Encoded %90 NOP SLED || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,cansecwest.com/slides07/csw07-nazario.pdf

From Kevin Ross, an interesting way to potentially catch more exploit shellcode.


       2801181 || ETPRO ACTIVEX SAP Crystal Reports PrintControl.dll ActiveX Control Buffer Overflow || telus,FSC20101214-31 || url,www.exploit-db.com/exploits/15733/
       2801182 || ETPRO ACTIVEX SAP Crystal Reports PrintControl.dll ActiveX Control Buffer Overflow 2 || bugtraq,45387 || cve,2010-2590 || telus,FSC20101214-31
       2801183 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x37 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801184 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x38 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801185 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x39 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801186 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3A || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801187 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3B || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801188 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3C || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801189 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3D || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801190 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3E || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801191 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x3F || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801192 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x40 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801193 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x43 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801194 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x35 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801195 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x36 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801196 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x41 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801197 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x42 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801198 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x44 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801199 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x45 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801200 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x46 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801201 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x47 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801202 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x48 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801203 || ETPRO EXPLOIT Apple CUPS IPP Use-after-free Memory Corruption byte 0x49 || bugtraq,44530 || cve,CVE-2010-2941 || telus,FSC20101101-03
       2801204 || ETPRO WEB_CLIENT Apple Safari WebKit Menu OnChange Memory Corruption || cve,CVE-2010-1814 || url,trac.webkit.org/browser/trunk/LayoutTests/fast/events/select-onchange-crash.html || telus,FSC20101203-04

And some ugly ones. Highly recommend running these!



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc