If at first you don't succeed; call it version 1.0
Saturday, 01 April 2006

On Thursday a new generation of the createTextRange exploit was released under Metasploit.

A few hours later, an article was published on TechWeb in which AV vendor Fortinet claimed that this exploit is much faster (??) than the older exploits and, probably after reading my blog post, that the older exploits caused the browser to freeze.

According to my tests using VirusTotal, Fortinet was the only AV vendor to create a signature for the new generation - JS/CreateTextRange.B!exploit.

Well, that was up until today, when a new revision of the createTextRange exploit was published under Metasploit and Milw0rm.

The new revision demonstrates better AV/IDS evasion techniques by randomizing variable and function names, which apparently are included in the "generic" signatures of the AV and IDS vendors.
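An added example (not from the original post or from Metasploit) showing why a signature keyed on identifier names stops matching once the names change, and how normalising declared names before matching restores detection. The sample scripts are constructed, harmless calls to `createTextRange`, and `normalize`, `match_by_name` and `match_normalized` are hypothetical helpers.

```python
import re

# Constructed samples: same structure, different author-chosen names.
SAMPLE_A = "function setup(){var range=document.body.createTextRange();range.select();}"
SAMPLE_B = "function qXzT(){var kP9w=document.body.createTextRange();kP9w.select();}"
# Constructed unrelated script that happens to reuse the names from SAMPLE_A.
BENIGN = "function setup(){var range=document.getElementById('x');range.focus();}"

# Names introduced by `var` or `function` declarations.
# Assumption: parameters and other binding forms are out of scope here.
DECL = re.compile(r"\b(?:var|function)\s+([A-Za-z_$][\w$]*)")
# An identifier that is not a property access (not preceded by '.').
IDENT = re.compile(r"(?<![\w$.])[A-Za-z_$][\w$]*")


def normalize(script):
    """Rewrite declared names to ID0, ID1, ... in order of declaration."""
    script = " ".join(script.split())  # collapse whitespace differences
    names = {}
    for name in DECL.findall(script):
        names.setdefault(name, f"ID{len(names)}")
    return IDENT.sub(lambda m: names.get(m.group(0), m.group(0)), script)


# "Generic" signature that includes the names seen in the first sample.
NAME_SIGNATURE = "function setup(){var range="
# Signature taken from the normalised form, so it carries no chosen names.
NORMALIZED_SIGNATURE = normalize(SAMPLE_A)


def match_by_name(script):
    return NAME_SIGNATURE in script


def match_normalized(script):
    return NORMALIZED_SIGNATURE in normalize(script)


if __name__ == "__main__":
    for label, s in (("A", SAMPLE_A), ("B", SAMPLE_B), ("benign", BENIGN)):
        print(label, "name:", match_by_name(s), "normalized:", match_normalized(s))
```

The name-based signature misses the renamed sample and fires on the unrelated script, while the normalised signature matches both variants and ignores the unrelated one.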

And no, this is not an April fool's day prank.

10 days (or less) left for the MS patch.


Saturday, 01 April 2006 21:56:28 UTC | Comments [0] | Security#