JS.CVE-2005-1790.q or FP ?

Discussion in 'NOD32 version 2 Forum' started by pykko, Apr 11, 2006.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I've recently found this file and many AVs detect it. Is it a FP or a real threat? NOD32 currently doesn't detect it. :( I've sent them the sample couple of days ago. Hope someone from eset can take a look at it. :)
     

    Attached Files:

  2. beenthereb4

    beenthereb4 Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    568
    "JS.CVE-2005-1790" exploit is a generic detection of web pages or e-mail messages which attempt to exploit the "Microsoft Internet Explorer onload Window() arbitrary code execution vulnerability" vulnerability.

    This does not necessarily mean that a virus has been found. It merely means that JavaScript code was found which attempts to activate additional executable code without the user's express permission. This exploit can be used in a malicious web page or inside e-mail messages to execute code of the attacker's choice on the user's machine. Users of Internet Explorer and applications such as Outlook or Outlook Express that employs Internet Explorer to render HTML content are vulnerable to this exploit.
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    yes, beenthereb4, but it's always safer to detect it because you have said:

    "This exploit can be used in a malicious web page or inside e-mail messages to execute code of the attacker's choice on the user's machine."

    I don't use IE but will the AV detect the random executable code after the exploit has been run? Well..maybe Marcos can say something more about this :)
     
Thread Status:
Not open for further replies.