Security Intel Analysis Team's blog

While investigating the malware and shellcode that were associated with the recent Adobe Flash Player, Adobe Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability (BID 40586), we came across some interesting similarities to the malware and shellcode that were used in the Microsoft Internet Explorer 'iepeers.dll

At the recent Pwn2Own contest held during the CanSecWest 2010 security conference, the Web browser targets were the latest versions of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari. All of the targeted browser platforms were patched up to date and included the latest anti-exploitation technologies.

A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well.

As mentioned in a recent blog, Symantec is aware of the exploitation of a previously unknown and unpatched vulnerability affecting the Microsoft Video Streaming ActiveX control.

As regular readers of the Symantec Security Response Blog know, we’ve been monitoring W32.Downadup statistics for some time.

The W32.Downadup.A worm was the first worm discovered in the wild that was successfully leveraging MS08-067 in a widespread fashion.