This post follows the integration of this CVE into the most-used exploit kits (it should be updated as new kits pick it up).
"Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows"
*Image: "snipshot" from dishonored.wikia.com*
Cool EK:
After Eric Romang reported it in Gong Da Exploit Pack, it is now part of the Cool Exploit Kit operated by a group pushing Reveton.
*Image: CVE-2013-0634 positive path on (Reveton) Cool EK, 2013-03-06*
```text
GET http://filiumtbtooedeirrationaalisesti.forexpassage .com/world/romance-apparatus_clinical_repay.php
200 OK (text/html)
GET http://filiumtbtooedeirrationaalisesti.forexpassage .com/world/stream-beginning-currency.jar
200 OK (application/java-archive) 417bbd583a72e80121f488581cfd79b3
GET http://filiumtbtooedeirrationaalisesti.forexpassage .com/world/giving-immediate_prescribe-immigrant.swf
200 OK (text/html) ec0df4339fc7dcf9d3ae240c97f16a35
GET http://[Redacted]/world/mypic.dll
200 OK (application/x-msdownload) 413f4a8a996f3725b3e2bd7fd32a98e6
```
(Note that CVE-2013-0431 has been removed from the jar... don't ask me why... it's still in the CBeplay.P Cool EK.)
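As an added example (not code from the original post), here is a small Python detector that runs over constructed proxy log lines modelled on the chain above and flags the landing page, then Java/Flash exploit file, then executable payload sequence per client. The log line format, the request-count window and the extension heuristics are assumptions, and `redacted.invalid` stands in for the redacted payload host. One thing the traffic above shows is that the SWF came back with a text/html content type, so the check keys on the URL's extension as well as the declared type.

```python
import re
from collections import defaultdict

# Constructed sample lines (not a real capture), modelled on the requests shown
# above. Assumed format: "<client> GET <url> <status> <content-type> [<md5>]".
# The kit domain is kept defanged with "[.]"; "redacted.invalid" stands in for
# the redacted payload host. Client 10.0.0.9 is a benign control case.
SAMPLE_LOG = """\
10.0.0.5 GET http://filiumtbtooedeirrationaalisesti.forexpassage[.]com/world/romance-apparatus_clinical_repay.php 200 text/html
10.0.0.5 GET http://filiumtbtooedeirrationaalisesti.forexpassage[.]com/world/stream-beginning-currency.jar 200 application/java-archive 417bbd583a72e80121f488581cfd79b3
10.0.0.5 GET http://filiumtbtooedeirrationaalisesti.forexpassage[.]com/world/giving-immediate_prescribe-immigrant.swf 200 text/html ec0df4339fc7dcf9d3ae240c97f16a35
10.0.0.5 GET http://redacted.invalid/world/mypic.dll 200 application/x-msdownload 413f4a8a996f3725b3e2bd7fd32a98e6
10.0.0.9 GET http://example.org/index.php 200 text/html
10.0.0.9 GET http://example.org/app.js 200 application/javascript
10.0.0.9 GET http://example.org/setup.exe 200 application/x-msdownload
"""

EXPLOIT_EXT = {"jar", "swf"}                  # Java and Flash exploit carriers
EXPLOIT_TYPES = {"application/java-archive", "application/x-shockwave-flash"}
PAYLOAD_EXT = {"dll", "exe"}                  # dropped binaries seen from EKs
PAYLOAD_TYPES = {"application/x-msdownload"}  # octet-stream is too generic to add blindly

LINE_RE = re.compile(
    r"^(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})"
    r"\s+(?P<ctype>\S+)(?:\s+(?P<md5>[0-9a-f]{32}))?\s*$"
)


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Split host and path by hand so defanged "[.]" hosts do not upset a URL parser.
    rest = rec["url"].split("://", 1)[-1]
    host, _, path = rest.partition("/")
    rec["host"] = host
    last = path.rsplit("/", 1)[-1].split("?", 1)[0]
    rec["ext"] = last.rsplit(".", 1)[-1].lower() if "." in last else ""
    return rec


def classify(rec):
    """Label a successful request by its role in an EK chain.

    The extension is checked before the content type because the SWF above was
    served as text/html: a content-type-only rule would call it a landing page.
    """
    if rec["status"] != 200:
        return None
    if rec["ext"] in PAYLOAD_EXT or rec["ctype"] in PAYLOAD_TYPES:
        return "payload"
    if rec["ext"] in EXPLOIT_EXT or rec["ctype"] in EXPLOIT_TYPES:
        return "exploit"
    if rec["ctype"].startswith("text/html"):
        return "landing"
    return None


def find_chains(log_text, window=6):
    """Return one finding per executable download that was preceded, within the
    client's previous `window` requests, by a landing page and then at least one
    Java/Flash exploit file from the same host as that landing page. The payload
    host is not constrained: above it differs from the kit host."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            per_client[rec["client"]].append(rec)

    findings = []
    for client, recs in per_client.items():
        for i, rec in enumerate(recs):
            if classify(rec) != "payload":
                continue
            roles = [(classify(r), r) for r in recs[max(0, i - window):i]]
            exploits = [r for role, r in roles if role == "exploit"]
            if not exploits:
                continue
            first_exploit = next(j for j, (role, _) in enumerate(roles) if role == "exploit")
            landings = [r for role, r in roles[:first_exploit]
                        if role == "landing" and r["host"] == exploits[0]["host"]]
            if not landings:
                continue
            findings.append({
                "client": client,
                "landing": landings[-1]["url"],
                "exploits": [r["url"] for r in exploits],
                "payload": rec["url"],
                "payload_md5": rec["md5"],
            })
    return findings


if __name__ == "__main__":
    for finding in find_chains(SAMPLE_LOG):
        print(finding)
```

Run as-is it reports one chain for 10.0.0.5 and nothing for 10.0.0.9, whose html-then-exe sequence lacks the exploit stage. Against real proxy logs, add a time window on top of the request-count window and seed the md5 field with the hashes from the traffic above for exact-match alerting.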
More to come soon, I guess.
Some readings:
CVE-2013-0634 - CVE - Mitre
And (most recent first):
Gong Da / Gondad Exploit Pack Add Flash CVE-2013-0634 Support - Eric Romang Blog - 2013-02-26
"Confirmed ITW" CVE-2013-0634 This LadyBoyle is not nice at all. - unixfreakjp - Malware must die - 2013-02-09
LadyBoyle Comes to Town with a New Exploit - Thoufique Haq - FireEye blog - 2013-02-07