A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #16592  by hnpl2011
 Tue Nov 13, 2012 9:38 am
hnpl2011 wrote: https://threatpost.com/en_us/blogs/new- ... kit-111212
A new exploit has been found in the Cool Exploit Kit for a vulnerability in Java 7 Update 7 as well as older versions, a flaw that’s been patched by Oracle in Java 7 Update 9.
CVE-2012-0705
CVE-2012-1723
CVE-2012-4681
CVE-2010-0188
Attachments
pass: infected
Last edited by EP_X0FF on Tue Nov 13, 2012 3:28 pm, edited 1 time in total. Reason: password added
 #16593  by secObs
 Tue Nov 13, 2012 1:06 pm
You should set a password for the archive.
 #16595  by EP_X0FF
 Tue Nov 13, 2012 3:29 pm
secObs wrote:You should set a password for the archive.
Password has been added. In future, for such incidents please use the "Report this post" button.
 #17846  by EP_X0FF
 Fri Jan 25, 2013 6:03 am
Cassiel wrote: A new batch of jar files, might be fun to analyze

https://docs.google.com/file/d/0B7GynK_ ... Ffalk/edit
pswd = infected
They are all combined CVE-2013-0422/CVE-2012-1723 exploits with a layer of autogenerated obfuscation. So by sending one exploit code, they can cover any vulnerable Java 6 installations and vulnerable Java 7 installations at one time. As for JRE 7, CVE-2012-1723 is only applicable up to JRE 7u4; they can abuse CVE-2013-0422 to cover JRE 7u5 to 7u10 for exploitation.

More was posted here
http://blogs.technet.com/b/mmpc/archive ... -0422.aspx
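
A defender-side triage sketch of the version split described in the post above, added here as an example (not code from the thread or from any tool it mentions): it reads `java -version` strings from an inventory and reports which CVE of the combined exploit the post says covers that JRE. The function names, labels and sample inventory are constructed; the post gives no update range for Java 6, so those hosts are flagged for review rather than classified.

```python
import re

# Ranges as stated in the post: on JRE 7, CVE-2012-1723 applies up to 7u4 and
# CVE-2013-0422 covers 7u5 to 7u10. No Java 6 update range is given there, so
# Java 6 is flagged for manual review instead of guessed (assumption).
LEGACY_VERSION = re.compile(r'(?<![\d.])1\.(\d+)\.0(?:_(\d+))?')
REVIEW_JAVA6 = "review: Java 6, range not stated in post"
OUTSIDE = "outside ranges in post"
UNPARSED = "unparsed"

def parse_java_version(text):
    """Return (major, update) from a legacy '1.M.0_UU' string, else None."""
    m = LEGACY_VERSION.search(text)
    if m is None:
        return None
    # A bare "1.7.0" is the GA release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)

def classify(text):
    """Name the CVE the post says covers this JRE version."""
    parsed = parse_java_version(text)
    if parsed is None:
        return UNPARSED
    major, update = parsed
    if major == 6:
        return REVIEW_JAVA6
    if major == 7 and update <= 4:
        return "CVE-2012-1723"
    if major == 7 and update <= 10:
        return "CVE-2013-0422"
    return OUTSIDE

def triage(inventory):
    """Map host -> classification for (host, version line) pairs."""
    return {host: classify(line) for host, line in inventory}

# Constructed sample inventory (hypothetical hosts, first line of `java -version`).
SAMPLE_INVENTORY = [
    ("ws-01", 'java version "1.7.0_04"'),
    ("ws-02", 'java version "1.7.0_10"'),
    ("ws-03", 'java version "1.7.0_11"'),
    ("ws-04", 'java version "1.6.0_31"'),
    ("ws-05", 'java version "1.7.0"'),
    ("ws-06", "version string missing"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```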