According to data we recently published in the Microsoft Security Intelligence Report volume 12 (SIRv12), drive-by download attacks continue to be a favorite tactic used by many attackers attempting to compromise large numbers of systems around the world. I have written about drive-by download attacks in the past (What You Should Know About Drive-By Download Attacks part 1, part 2) and the need to keep all software up-to-date in an effort to mitigate this type of attack.

In the second half of 2011 (2H11) there was a dramatic increase in detections of exploits delivered through JavaScript. This increase was due primarily to the emergence of JS/Blacole, a family of exploits used by the so-called “Blackhole” exploit kit to deliver malicious software through infected web pages.

Figure 1: The number of unique systems reporting detections/blocks of HTML and JavaScript exploits via Microsoft antimalware products each quarter in 2011, source: SIRv12

Blacole is the name given to a family of malware that, when encountered, will use any number of available exploits to compromise a system. Prospective attackers buy or rent the Blacole kit on hacker forums and through other illegitimate outlets. It consists of a collection of malicious web pages that contain exploits for vulnerabilities in versions of Adobe Flash Player, Adobe Reader, Microsoft Data Access Components (MDAC), the Oracle Java Runtime Environment (JRE), and other popular products and components. When the attacker installs the Blacole kit on a malicious or compromised web server, visitors who don’t have the appropriate security updates installed are at risk of infection through a drive-by download attack.

I can offer a real world example of what one such attack looks like. The intended target of the attack received an email purportedly from a contact within a popular social network that they use. Simply clicking on the link in the email labeled “Visit your InBox Now” triggered the antimalware software installed on the system to detect JS/Blacole, a detection for a component of the Blacole exploit kit.

Figure 2: Example email containing a malicious link

Figure 3: The antimalware software installed on the system detected a component of the Blacole exploit kit

If the system did not have up-to-date antimalware software installed on it, the exploit server that the malicious link in the email pointed to would have likely attempted to exploit multiple known vulnerabilities until a successful compromise could be achieved and malware could be installed on the system.

The Microsoft Malware Protection Center (MMPC) provides several other examples of this type of attack in articles they have published on their blog:

- Disorderly conduct: localized malware impersonates the police
- Plenty to complain about with faux BBB spam

As mentioned earlier, typically the Blacole exploit kit attempts to exploit vulnerabilities in applications such as Adobe Flash Player, Adobe Reader, Microsoft Data Access Components (MDAC), the Oracle Java Runtime Environment (JRE), and other popular products and components, including:

- CVE-2006-0003 – Unspecified vulnerability in the RDS.Dataspace ActiveX control in Microsoft Data Access Components (MDAC).
- CVE-2007-5659 – Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier.
- CVE-2008-2992 – Adobe Reader “util.printf” Vulnerability.
- CVE-2009-0927 – Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 (multiple versions) allows remote attackers to execute arbitrary code.
- CVE-2009-1671 – Java buffer overflows in the Deployment Toolkit ActiveX control in “deploytk.dll”.
- CVE-2009-4324 – Adobe Reader and Adobe Acrobat “util.printd” Vulnerability.
- CVE-2010-0188 – Adobe Acrobat Bundled Libtiff Integer Overflow Vulnerability.
- CVE-2010-0840 – Sun Java JRE Trusted Methods Chaining Remote Code Execution Vulnerability.
- CVE-2010-0842 – Java JRE MixerSequencer Invalid Array Index Remote Code Execution Vulnerability.
- CVE-2010-0886 – Vulnerability in the Java Deployment Toolkit component in Oracle Java SE.
- CVE-2010-1423 – Java argument injection vulnerability in the URI handler in Java NPAPI plugin.
- CVE-2010-1885 – Microsoft Help Center URL Validation Vulnerability.