In the previous quarter, we reported that we protected against more than 142 million threats in the first half of 2012 alone. One prominent threat in this period was ZACCESS, which is also known as ZeroAccess or SIREFEF. It can push fake applications and other malware onto infected systems, while using its rootkit capabilities to…
Kim Chanwoo
Security Specialist
As discussed in our previous blog entries, we found an exploit (Trend Micro detection HTML_EXPLOYT.AE) that targets a vulnerability found in Microsoft XML Core Services (CVE-2012-1889). Based on our analysis, HTML_EXPLOYT.AE contains three key features: its usage of Microsoft XML Core Services, heap spray, and No ROP (Return-Oriented-Programming) function. Our two initial blog entries already…
In the first part of our three-part blog entry about HTML_EXPLOYT.AE, we provided an analysis of how HTML_EXPLOYT.AE uses the Microsoft XML Core Services vulnerability (CVE-2012-1889). As previously discussed, HTML_EXPLOYT.AE has three key features: its usage of Microsoft XML Core Services, use of the heap spray technique, and No ROP (Return-Oriented-Programming) function. In the second part of…
Last month, Microsoft released a fix tool to address a vulnerability in Microsoft XML Core Services. According to the Microsoft Security Advisory, this vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. It has been given the identifier CVE-2012-1889. Since the vulnerability exists in…
Last June 13, Microsoft released its Cumulative Security Update for Internet Explorer (2699988), which covers CVE-2012-1875, a vulnerability exploited by malware detected by Trend Micro as JS_DLOADER.SMGA. The attack code for this vulnerability has also been made public. There are few cases where attack code is released simultaneously with Microsoft’s security update….