Web Attack: C6 Messenger File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote file download vulnerability by sending specially crafted arguments to a method of the C6 Messenger ActiveX control.

Additional Information

C6 Messenger is an IM application.

The C6 Messenger Installation URL Downloader ActiveX control is prone to a vulnerability that lets remote attackers download files from arbitrary locations to an affected computer.

Specifically, the vulnerability affects the 'propDownloadUrl()' method of the Installation URL Downloader ActiveX control identified by CLSID:

c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61

Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Response

Download and install all vendor patches related to this vulnerability.
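The following PowerShell check is an added example, not part of the original advisory or any vendor guidance. It reports whether the control with the CLSID above is registered machine-wide on a host and whether Internet Explorer's kill bit (Compatibility Flags 0x400, a general Windows mechanism that this page does not itself prescribe) is set for it; per-user (HKCU) registrations are not examined.

```powershell
# CLSID of the Installation URL Downloader control, as given in the advisory.
$Clsid   = '{c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61}'
# Compatibility Flags bit that stops Internet Explorer from instantiating a control.
$KillBit = 0x400

# Each registry view pairs the COM registration key with its kill-bit key.
$Views = @(
    @{ Name   = 'native'
       Class  = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid"
       Compat = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid" },
    @{ Name   = 'WOW6432Node'
       Class  = "HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID\$Clsid"
       Compat = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid" }
)

function Get-ControlExposure {
    param([Parameter(Mandatory)][hashtable]$View)

    # Is the control registered, and which binary backs it?
    $registered = Test-Path -LiteralPath $View.Class
    $server = $null
    if ($registered) {
        $inproc = Join-Path $View.Class 'InprocServer32'
        if (Test-Path -LiteralPath $inproc) {
            $server = (Get-ItemProperty -LiteralPath $inproc).'(default)'
        }
    }

    # Is the kill bit present for this CLSID in the same view?
    $flags = $null
    if (Test-Path -LiteralPath $View.Compat) {
        $flags = (Get-ItemProperty -LiteralPath $View.Compat).'Compatibility Flags'
    }
    $killed = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)

    [pscustomobject]@{
        View       = $View.Name
        Registered = $registered
        Server     = $server
        KillBitSet = $killed
        # Exposed means the control is installed and IE is not blocked from loading it.
        Exposed    = $registered -and -not $killed
    }
}

$Views | ForEach-Object { Get-ControlExposure -View $_ } | Format-Table -AutoSize
```

A row with `Exposed` set to `True` identifies a host where the control can still be loaded by a web page and the vendor patch should be prioritised.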
