Sometime over the recent Easter weekend, an update to the Neosploit Web attack toolkit showed up on DeepSight honeypots. The new Neosploit version is being served mainly from traffic exchange sites, but some mainstream sites, such as those for restaurants, were also serving up the infectious content.
The main addition that was found in the new iteration of Neosploit is the addition of an exploit for the CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability. There is no patch available for this vulnerability as of this writing.
The 2008 versions of NAV, NIS, and N360v2 will catch this exploit as “MSIE CA BrightStor ActiveX BO”, although most of the time the new Neosploit version will be detected as the other vulnerabilities exploited by the toolkit: MDAC, NCTAudioFile2, GOM Player, WebViewFolderIcon setSlice(), and Daxctle.OCX KeyFrame.
CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow...