
SANS ISC: InfoSec Handlers Diary Blog


Invision Board being exploited

Published: 2006-06-01
Last Updated: 2006-06-01 16:26:06 UTC
by Pedro Bueno (Version: 1)
On May 21st we reported a vulnerability in Invision Power Board. To be honest, I didn't know much about it, or about the number of sites using it. Well, now I know at least a BIG one that was using it as a forum for its customers. We are still contacting the website owner, so I won't mention it here. But the case is that it was vulnerable and was exploited.
Now, when you visit it, it will try to push a .wmf exploit to you.

The iframes on that page were redirecting to HTTP : // and HTTP :   // .

Those websites were redirecting to HTTP : //  and HTTP : // .

Which would try to push the .WMF exploit to you...

Fortunately, all AV vendors at Virustotal recognize the exploit, and at least McAfee and Symantec will trigger an alert when you are visiting this forum page.

Handler on Duty: Pedro Bueno ( pbueno /&&/ isc. sans. org )
