Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Neosploit Updated with Exploit

Created: 26 Mar 2008 07:00:00 GMT • Updated: 23 Jan 2014 18:41:37 GMT
Sean Hittel's picture
0 0 Votes
Login to vote

Sometime over the recent Easter weekend, an update to the Neosploit Web attack toolkit showed up on DeepSight honeypots. The new Neosploit version is being served mainly from traffic exchange sites, but some mainstream sites, such as those for restaurants, were also serving up the infectious content.

The main addition that was found in the new iteration of Neosploit is the addition of an exploit for the CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability. There is no patch available for this vulnerability as of this writing.

The 2008 versions of NAV, NIS, and N360v2 will catch this exploit as “MSIE CA BrightStor ActiveX BO”, although most of the time the new Neosploit version will be detected as the other vulnerabilities exploited by the toolkit: MDAC, NCTAudioFile2, GOM Player, WebViewFolderIcon setSlice(), and Daxctle.OCX KeyFrame.

CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability

Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability

NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability

Gretech GOM Player GomWeb3.DLL Remote Buffer Overflow Vulnerability

Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability

Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability