Live Global Events: Secure, Simplify, and Transform Your Business.

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Exploit In The Wild For MS06-014 – A Five Year Old Vulnerability

January 20, 2011 - 1 min read
Although 0day vulnerabilities receive all the attention, it’s not unusual to see attackers still taking advantage of old vulnerabilities to attack end users. Here's such an example where the vulnerability used was MS06-014 – a five year old vulnerability!. hxxp:// delivers an obfuscated JavaScript exploit for this attack. Back in 2006 Metasploit released exploit code for this vulnerability.

Lets look at obfuscated JavaScript used:

The de-obfuscated code looks like this:
The exploit takes advantage of vulnerable ActiveX object “RDS.DataControl” having classid “BD96C556-65A3-11D0-983A-00C04FC29E36”. The exploit is designed to download executable files, which are then stored on victim's machine. This executable file path in the exploit is as follows:
This in turn decodes to:
Virustotal results indicate that 21/43 AV engines have protection against this Trojan – a concerning statistic considering the age of the exploit used to deploy the malware. Virustotal’s URL submission indicates that malware URL was submitted on 2010-11-18 and still is in active state. Why would attackers continue to leverage such an old vulnerability? Sadly, as we have shown in our quarterly reports, nearly one in five corporate users still employ Internet Explorer 6, a nine year old web browser.

form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.