Login or Register to Ask a Question and Join Our Community


Malware Advisories (RSS)

Js_realplay.j

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Malware Advisories (RSS) Js_realplay.j
# 1  
Old 12-25-2007
Js_realplay.j
This exploit is hosted on a Web site and runs when a user accesses the said Web site.
It takes advantage of a known vulnerability in several versions of the media player RealPlayer that causes a stack overflow and allows the download of possibly malicious files on the affected system.
Before exploiting the abovementioned vulnerability, this exploit first checks if the affected machine is running Windows 2000 or Windows XP with Internet Explorer 6 or 7. It also checks if RealPlayer is installed on the system and what version of the player is installed to determine the first few bytes of shell code that it writes on the affected system.
Once it successfully exploits the said vulnerability, this exploit connects to a certain URL to download a malicious file which is detected by Trend Micro as PE_MUMAWOW.AO-O. As a result, malicious routines of the downloaded file may be exhibited on the affected system.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

web::simple::deployment

Web::Simple::Deployment(3pm)				User Contributed Perl Documentation			      Web::Simple::Deployment(3pm)

NAME

       Web::Simple::Deployment - various deployment options

DESCRIPTION

       This file documents common deployment methods for Web::Simple. If you feel one is missing, please ask in the IRC channel and we'll work
       with you to add it.

CGI

       The most basic deployment option is as a CGI script loading and running your Web::Simple-module:

	 #!/usr/bin/env perl

	 use Your::Web::Simple::App;
	 Your::Web::Simple::App->run_if_script;

       Save that as script.cgi and your web server will handle it correctly.

Plack-Server
       This works in with exactly the same code as CGI deployment. However instead of letting your web server load script.cgi, you run this on the
       command line:

	 plackup script.cgi

   Self-contained CGI
       Sometimes your app is so small that you have only one or two tiny classes that you want to run as a CGI script. Web::Simple offers a
       helpful mechanism to achieve that.

	 #!/usr/bin/env perl

	 use Web::Simple 'HelloWorld';	 # enables strictures and warnings for the file
					 # additionally, HelloWorld is upgraded to a
					 # Web::Simple application
	 {
	   package HelloWorld;

	   sub dispatch_request {
	     sub (GET) {
	       [
		 200,
		 [ 'Content-type', 'text/plain' ],
		 [ 'Hello world! It is a fine ' . HelloWorld::Helper->day ]
	       ]
	     },
	     sub () {
	       [ 405, [ 'Content-type', 'text/plain' ], [ 'Method not allowed' ] ]
	     }
	   }
	 }

	 {
	   package HelloWorld::Helper;

	   use DateTime;

	   sub day {
	     return DateTime->now->day_name;
	   }
	 }

	 HelloWorld->run_if_script;

AUTHORS

       See Web::Simple for authors.

COPYRIGHT AND LICENSE

       See Web::Simple for the copyright and license.

perl v5.14.2							    2012-05-07					      Web::Simple::Deployment(3pm)