keyframe (daxctle.ocx) exploit, Another zero day on the loose?

The daxctle.ocx exploit is the "other" zero day exploit, which to our knowledge hasn't been seen in the wild. However, Adam Thomas in our security research team has just discovered a website with a modified version of the exploit that downloaded malware to a fully patched XP SP2 machine. The malware site was in a redirect script off of a porn site, in the same area as we discovered the VML exploit.

The exploit downloaded a fake version of svchost.exe, and a DLL was created in %system%\hehesox.dll which is receiving commands from a malware site. The browser did crash, but malware was successfully installed.

SunbeltBLOG: Another zero day on the loose? keyframe (daxctle.ocx) exploit seen in the wild

Linked by shanmuga Monday, 25th September 2006 11:53PM