Neosploit Updated with Exploit
Sometime over the recent Easter weekend, an update to the Neosploit Web attack toolkit showed up on DeepSight honeypots. The new Neosploit version is being served mainly from traffic exchange sites, but some mainstream sites, such as those for restaurants, were also serving up the infectious content.
The main addition that was found in the new iteration of Neosploit is the addition of an exploit for the CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability. There is no patch available for this vulnerability as of this writing.
The 2008 versions of NAV, NIS, and N360v2 will catch this exploit as “MSIE CA BrightStor ActiveX BO”, although most of the time the new Neosploit version will be detected as the other vulnerabilities exploited by the toolkit: MDAC, NCTAudioFile2, GOM Player, WebViewFolderIcon setSlice(), and Daxctle.OCX KeyFrame.
CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability
Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability
NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability
Gretech GOM Player GomWeb3.DLL Remote Buffer Overflow Vulnerability
Microsoft WebViewFolderIcon ActiveX Control Buffer Overflow Vulnerability
Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability