Exploit Targeting A 7 Year Old Vulnerability? Really?
We’ve actually spotted in-the-wild exploitation of “Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness” (Bugtraq ID 10514), a vulnerability first released in 2003. The exploit does get a little more modern as the code also targets vulnerability from 2009 (MS09-002). Here is a screenshot of the live infected page,
From the above code, it is clear that it is targeting the ADODB.Stream vulnerability from 2003. Here is the other part of the decoded content which exploits the MS09-002 vulnerability.
I am not going into the more details of this exploit as the code is pretty self explanatory. It is going to download additional malicious binaries and execute them on the system. The author who discovered this older ADODB.Stream vulnerability has posted a proof-of-concept. For those interested, an explanation of the MS09-002 vulnerability can be found here.