This site uses JavaScript to provide a number of functions, to use this site please enable JavaScript in your browser.

Zscaler: A Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge (SSE)

Get the full report

gartner-mq-security-service-report

Your world, secured

Experience the transformative power of zero trust.

The Zscaler Difference

Experience the World’s Largest Security Cloud

Customer Success Stories

Analyst Recognition

Machine Learning and AI at Zscaler

Reduce Your Carbon Footprint

Zero Trust Fundamentals

What Is Zero Trust?

What Is Security Service Edge (SSE)?

What Is Secure Access Service Edge (SASE)?

What Is Zero Trust Network Access (ZTNA)?

What Is Secure Web Gateway (SWG)?

What Is Cloud Access Security Broker (CASB)?

What Is Cloud Native Application Protection Platform (CNAPP)?

Zero Trust Resources

Secure Your Users

Secure Your Users

Provide users with seamless, secure, reliable access to applications and data.

Secure Your Workloads

Secure Your Workloads

Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.

Secure Your IoT and OT

Secure Your IoT and OT

Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.

Products

Transform your organization with 100% cloud native services

Secure Internet Access (ZIA)

Secure Private Access (ZPA)

Digital Experience (ZDX)

Data Protection (CASB/DLP)

Posture Control

Solution Areas

Propel your business with zero trust solutions that secure and connect your resources

Cyberthreat Protection

Data Protection

Zero Trust Networking

Business Analytics

VPN Alternative

Zero Trust SASE

Accelerate M&A Integration

Optimize Digital Experiences

Zero Trust SD-WAN

Zero Trust Cloud Connectivity

Zero Trust for IoT/OT

Find a Product or Solution

Partner Integrations Industry and Market Solutions

Zero Trust Exchange Platform

Learn how Zscaler delivers zero trust with a cloud native platform that is the world’s largest security cloud

Zero Trust Exchange

Transform with Zero Trust Architecture

Propel your transformation journey

Secure Digital Transformation

Network Transformation

Application Transformation

Security Transformation

Secure Your Business Goals

Achieve your business and IT initiatives

Ensure Secure Business Continuity

Accelerate M&A and Divestitures

Recession-Proof Your Enterprise

Secure Your Hybrid Workforce

Download Zscaler Client Connector

Learn, connect, and get support.

Explore tools and resources to accelerate your transformation and secure your world

Amplifying the voices of real-world digital and zero trust pioneers

CXO REvolutionaries

Resource Center

Stay up to date on best practices

Resource Library

Customer Success Stories

Events & Trainings

Find programs, certifications, and events

Upcoming Events

Zscaler Academy

Security Research & Services

Get research and insights at your fingertips

ThreatLabz Analytics

Tools

Tools designed for you

Security Preview

Security and Risk Assessment

Security Advisory Updates

Disclose a Vulnerability

Executive Insights App

Ransomware Protection ROI Calculator

Community & Support

Connect and find support

Customer Success Center

Zenith Community

CXO REvolutionaries

Zscaler Help Portal

Explore the latest Zscaler Innovations

Industry & Market Solutions

See solutions for your industry and country

Financial Services

Resource Center

Stay up to date on best practices

Resource Library

Customer Success Stories

Events & Trainings

Find programs, certifications, and events

Upcoming Events

Zscaler Academy

Security Research & Services

Get research and insights at your fingertips

ThreatLabz Analytics

Tools

Tools designed for you

Security Preview

Security and Risk Assessment

Security Advisory Updates

Disclose a Vulnerability

Executive Insights App

Ransomware Protection ROI Calculator

Community & Support

Connect and find support

Customer Success Center

Zenith Community

CXO REvolutionaries

Zscaler Help Portal

Explore the latest Zscaler Innovations

Industry & Market Solutions

See solutions for your industry and country

Financial Services

Discover how it began and where it’s going

Meet our partners and explore system integrators and technology alliances

News & Announcements

Stay up to date with the latest news

Leadership Team

Meet our management team

Partner Integrations

Partner Integrations

Investor Relations

See news, stock information, and quarterly reports

Environmental, Social & Governance

Learn about our ESG approach

Join our mission

Find everything you need to cover Zscaler

Understand our adherence to rigorous standards

Zenith Ventures

Understand our adherence to rigorous standards

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

CVE-2010-0806 Exploit In The Wild

April 06, 2010 - 2 min read

Security Insights

Contents

Article
More blogs

CVE-2010-0806, a use-after-free vulnerability in the Peer Objects component, was announced in mid-March 2010. The vulnerability impacts Internet Explorer 6, 6 SP1, and 7 - a patch was made available by Microsoft in the MS10-018 security update last week. Zscaler received early notification of the vulnerability through our trusted partnership with Microsoft and was able to deploy signatures to detect and block exploit attempts soon after the public release of the vulnerability.

Today this site was detected and blocked for attempting to exploit CVE-2010-0806:
hxxp://cn.cnsa56.info/w/woz.htm
--> and supporting script: hxxp://cn.cnsa56.info/w/k.js

The JavaScript used to exploit the vulnerability is heavily obfuscated,
And the script contains some try-catch statements to evade detection and some automated analysis tools,
and
The above try{} statements will fail, so the code within catch{} will be run, which defines some variables and logic for decoding the above shellcode.

Wepawet fails to decode/analyze properly, and categorizes the URL as benign. VirusTotal has 2/39 Anti-Virus engines that detect as a suspicious JavaScript downloader through their heuristic engines.

After decoding and analyzing the shellcode, it downloads the payload:
hxxp://v.vkjk6.info/w/win.exe

Unfortunately, VirusTotal shows no detection for this file. When conducting basic analysis on the binary payload, it becomes obvious that this is not a valid PE executable. It is likely that the binary is encrypted or obfuscated and that the shellcode run from the CVE-2010-0806 exploit will decode the binary on the victim's machine. (I will run the exploit in a sandbox, and post any follow-on analysis of the payload).

Often times, the domain information for malicious domains is masked through a domain privacy service (like Domains by Proxy)- however, this was not the case for the domains involved in this attack.

Here is the billing information for the cnsa56.info domain:
This same registration information was used for another live domain: ac364.info

And for vkjk6.info:
126.com is a free email provider,

The registration information, email provider used, and variable names used in the attack indicate the attacker is a Chinese speaker and possibly of Chinese nationality.

Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware

Agniane Stealer: Dark Web’s Crypto Threat

Business people walking through a city

The Impact of the SEC’s New Cybersecurity Policies

Digital cloud illuminated in blue

Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)

The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region

01 / 02