2008-03-15

Neosploit update

For a while now we have been observing version 2.0.15 used by many malicious sites. However, it seems that recently there's been an update to the toolkit.

Two exploits were added, initially reported by Exploit Prevention Labs, along with some slight changes in the decryption function of the obfuscated JavaScript. There are also minor changes in the URL scheme used to track statistics on visitors and victims.

Here are the vulnerabilities exploited as of today:

"Internet Explorer"

(3) - cve-2007-0018 "NCTAudioFile2" ActiveX control "SetFormatLikeSample()" method (77829F14-D911-40FF-A2F0-D11DB8D6D0BC)
(7) - cve-2006-4777 "DirectAnimation.PathControl" ActiveX control "KeyFrame()" method (D7A7D7C3-D47F-11D0-89D3-00A0C90833E6)
(9) - cve-2006-5820 "Sb.SuperBuddy.LinkSBIcons()"
(12) - cve-2006-3730 "WebViewFolderIcon.WebViewFolderIcon.1.setSlice()"
(13) - cve-2007-5779 "GomWebCtrl.GomManager.1.OpenURL()"
(19) - cve-2008-0624 Yahoo! Music Jukebox DataGrid ActiveX control AddButton() method (5F810AFC-BB5F-4416-BE63-E01DD117BD6C)
(20) - cve-2007-2222 MS07-033 Microsoft Speech API ActiveVoice control (EEE78591-FE22-11D0-8BEF-0060081841DE)


"Firefox"

cve-2006-0005 Windows Media Player Plugin MS06-006
cve-2007-0015 QuickTime RTSP Response Header Content-Type

4 comments:

Anonymous said...

Do you have any information about the release dates of these toolkits?

For example release dates of

- NeoSploit 2.0.7
- NeoSploit 2.0.13
- NeoSploit 2.0.14
- NeoSploit 2.0.15
- NeoSploit 2.0.17
- NeoSploit 2.0.2529

Or how fast they release?

-=[ dxp ]=- said...

We don't have any information on dates tied to specific version releases.

However, updates have been occurring rather frequently lately, a couple of weeks between releases.

Anonymous said...

CVE-2006-6166 is a XSS vulnerability in Joomla!

I assume you meant CVE-2007-0015

Bye :)

-=[ dxp ]=- said...

Thank you for pointing that out.

This was a serious mistake on our part. The person responsible for the post will get 20 lashings with a bamboo stick.