Java.ByteVerify exploit

Published: 2008-01-11
Last Updated: 2008-01-11 20:19:06 UTC
by Daniel Wesemann (Version: 1)
0 comment(s)

Come April, we will reach the FIFTH anniversary of the ByteVerify vulnerability (MS03-011). Untangling some seriously obfuscated JavaScript coming from a couple of web sites in China earlier today, I ended up with - yes, a ByteVerify exploit. Also in the package was an MDAC exploit (MS06-014), whose second anniversary will be up this April as well.

To see these exploits still in use can only mean one thing: They still work.

And they seem to work well enough that the bad guys can instead sink their time into developing new obfuscation techniques and other ways to make analysis more difficult -- only to deliver a five year old exploit in the end. Not a very stellar testament to patching efforts.


0 comment(s)


Diary Archives