Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Exploit Targeting A 7 Year Old Vulnerability? Really?

July 16, 2010 - 2 min read

We’ve actually spotted in-the-wild exploitation of “Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness” (Bugtraq ID 10514), a vulnerability first released in 2003. The exploit does get a little more modern as the code also targets vulnerability from 2009 (MS09-002). Here is a screenshot of the live infected page,

ImageThe malicious obfuscated JavaScript has been injected at the bottom of webpage. Let’s decode it. Here is the small part of the decoded script.


ImageFrom the above code, it is clear that it is targeting the ADODB.Stream vulnerability from 2003. Here is the other part of the decoded content which exploits the MS09-002 vulnerability.

ImageI am not going into the more details of this exploit as the code is pretty self explanatory. It is going to download additional malicious binaries and execute them on the system. The author who discovered this older ADODB.Stream vulnerability has posted a proof-of-concept. For those interested, an explanation of the MS09-002 vulnerability can be found here.

Virustotal results for the infected webpage show it being detected by 13 of 41 AV engines – not very impressive results for a seven year old vulnerability. It would appear that no matter how old vulnerabilities are, attackers will still try to leverage them as weapon. Hopefully most people have patched their systems at some point during the past seven years. Sadly, despite the age of the vulnerability, the use of JavaScript obfuscation has made this attack a challenge for AV vendors – a topic that we’ve discussed in the past.


form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.