MSIE VML exploited

Discussion in 'NOD32 version 2 Forum' started by duijv023, Sep 23, 2006.

Thread Status:
Not open for further replies.
  1. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    does NOD32 - v.1.1770 (20060923)
    already contain any kind of protection against this?

    (of course i do not say you can use IE better than alternatives like firefox :D )

    grtz
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    Version=1.1769 (20060923)
    BAT/StartDcom.A, BAT/TGF, Bat2Exec.Stella.B,HTML/Exploit.VMLFill (3), IRC/SdBot (6), JS/TrojanDownloader.Agent.NAA, Win32/Adware.404Search, Win32/Adware.Agent.AM (5), Win32/Bifrose.AAF, Win32/Bifrose.AAG, Win32/Brontok.CH, Win32/Exploit.Agent.AE, Win32/Hupigon (6), Win32/Hupigon.CFZ, Win32/Liondoor, Win32/NoonLight.Q (2), Win32/Prorat.FM, Win32/PSW.Agent.NAP (2), Win32/PSW.Agent.NAQ (2), Win32/PSW.Delf.NBK (3), Win32/PSW.Delf.NBL (4), Win32/PSW.LdPinch.AXQ (2), Win32/PSW.LdPinch.NCB (3), Win32/PSW.Legendmir, Win32/PSW.Legendmir.BBN (2), Win32/PSW.Lineage.AJP (2), Win32/PSW.QQPass.IW, Win32/PSW.Small.BS, Win32/Rbot (5), Win32/Small.JL (2), Win32/Spy.Bancos.U (2), Win32/Spy.Banker.ANV, Win32/Spy.BZub.NAO (3), Win32/Spy.BZub.NAP (2), Win32/Spy.Delf.NDH (2), Win32/Spy.Goldun.MS (4), Win32/Spy.Goldun.NAJ (3), Win32/TrojanDownloader.Adload.FR, Win32/TrojanDownloader.Banload.NIW (2), Win32/TrojanDownloader.Delf.AYE (2), Win32/TrojanDownloader.Delf.NNO, Win32/TrojanDownloader.Delf.O G, Win32/TrojanDownloader.Oleloa, Win32/TrojanDownloader.Oleloa.E (2), Win32/TrojanDownloader.Small.AWA, Win32/TrojanDownloader.Small.DIB, Win32/TrojanDownloader.Small.NOX, Win32/TrojanDownloader.Small.NOZ (2), Win32/TrojanDownloader.Small.NPA (2), Win32/TrojanDownloader.Zlob.ADA (3), Win32/TrojanDownloader.Zlob.ADB (2), Win32/TrojanDownloader.Zlob.ADC (3), Win32/TrojanDownloader.Zlob.ADS (4), Win32/TrojanDropper.Mudrop.V, Win32/TrojanDropper.MultiJoiner.CK, Win32/VB.AMD (2), Win32/VB.AXZ, Win32/Viking.AE (2), Win32/Viking.AK (3), Win32/Viking.AO, Win32/Viking.AP, Win32/Viking.AR, Win32/Viking.NAM, Win32/WinterLove.AV (2), Win32/Zapchast (2)
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    64,766
    Location:
    Texas
  4. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    thnx guys,

    i think i'm gonna grab a beer now :D

    i can encourage you to do the same....... cheers!
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    I'd like to add that you should be protected against all future variants - we have improved generic detection and released 2 updates shortly after each other.
     
  6. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    yes, I saw 1770 coming in, and on the eset site 1771 announced already.
    this is nice!

    btw my beer tastes very good ;-)

    greetings from holland
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    duijv023's , when you want to search something in NOD32 UPdates database you may use the nod32sse.com website. ;)
     
  8. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    thanks,
    i didn't know that site, nice info!
    :)
     
  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    It is in my signature for a long time. :D
     
  10. Kniht

    Kniht Registered Member

    Joined:
    Jan 20, 2006
    Posts:
    20
    NOD32 doing it's job

    Went to the Zert website to download a temporary patch for the buffer overflow in VLM library used by Microsoft IE and Outlook (until MS releases the official patch in October).

    While at this site http://isotf.org/zert/download.htm I decided to click on the link that tests the temporary emergency patch. It states an unpatched IE will crash when the link is clicked. I clicked on this link with IE unpatched and IMON immediately popped up with a message box stating it had detected some nasty files and denied me access to the site.

    Way to go NOD32!
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    Re: NOD32 doing it's job

    Don't worry, you are fully protected. A couple of hours ago, I ran into an exploit variant detected only by NOD32 and the guys from the lab confirmed it was not a false positive.
     
  12. ASpace

    ASpace Guest

    Just to inform you , Microsoft already released an official patch for this available for all genuie MS users on http://windowsupdate.microsoft.com

    It needs no restarting , though :)

    Excellent job , ESET !
     
  13. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    they were faster this time. Thx for the info HiTech boy
     
  14. ASpace

    ASpace Guest

    No problems!:D
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.