|
Description:
This JavaScript may be hosted on a Web site and run when a user accesses the said Web site.
It takes advantage of a known vulnerability in several versions of the media player RealPlayer. More information on this vulnerability can be found on the following RealNetworks Web page:
Before exploiting the above-mentioned vulnerability, this malicious JavaScript first checks if the affected machine is running Windows 2000 or Windows XP with Internet Explorer 6 or 7. It also checks if RealPlayer is installed on the system and what version of the player is installed to determine the first few bytes of shell code that it writes on the affected system.
Once it successfully exploits the said vulnerability, this malicious JavaScript connects to a certain URL to download a malicious file detected as TROJ_AGENT.WPA. As a result, malicious routines of the downloaded file may be exhibited on the affected system.
For additional information about this threat, see:
Solution
Technical Details
Description created: May. 19, 2008 2:59:24 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
