SecurityMob

Exploits discovered for recent Microsoft vulnerabilities

Microsoft announced 3 security bulletins to the world less than 24 hours ago, and already we've picked up an exploit and a Trojan in the wild.

Skylined has posted a sample exploit that you can use to validate whether your systems are vulnerable.

Symantec has posted information about a remote access Trojan called 'Globe', which opens TCP port 28876 on a compromised computer.

The exploit and the Trojan both target the vulnerability highlighted in MS05-002, specifically CAN-2004-1049, in which cursor and icon format handling allows remote code execution on Windows 9x, ME, 2000, XP and 2003.

Microsoft state that "A remote code execution vulnerability exists in the way that cursor, animated cursor, and icon formats are handled. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system."

You can read more from Microsoft by following the link below:
http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx

You can download the exploit code sample from the link below:
http://www.edup.tudelft.nl/~bjwever/menu.php

You can review Symantec's description of 'Globe' from the link below:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.globe.html
