Three new 0-day Exploits used in drive-by-download attack in China
[Post on : May 3, 2009 17:25 | Category : Exploit & Vulnerability | by : hzqedison]
Reship : Original
hello everyone,
This week we found three new 0-day exploits being used in drive-by-download attacks in China. The BaoFeng (mps.dll and Config.dll) Remote Code Execution exploits and the Chinagames (CGAgent.dll) Remote Code Execution exploit are all being actively used in the wild against these vulnerabilities.
BaoFeng (mps.dll) Remote Code Execution Exploit
When BaoFeng products are installed, they register the following ActiveX control on the system:
Affected versions: BaoFeng products <= 3.09.04.17
CLSID: 6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB
Problem file: mps.dll
Problem function: Sub OnBeforeVideoDownload(ByVal URL As String)
BaoFeng (Config.dll) Remote Code Execution Exploit
When BaoFeng products are installed, they register the following ActiveX control on the system:
Affected versions: BaoFeng products <= 3.09.04.17
CLSID: BD103B2B-30FB-4F1E-8C17-D8F6AADBCC05
Problem file: Config.dll
Problem function: Sub SetAttributeValue (
    ByVal lpQueryStr As String,
    ByVal bstrAttributeName As String,
    ByVal lpValueStr As String
)
Chinagames(CGAgent.dll) Remote Code Execution Exploit
When Chinagames products are installed, they register the following ActiveX control on the system:
Affected versions: Chinagames 2009
CLSID: 75108B29-202F-493C-86C5-1C182A485C4C
Problem file: CGAgent.dll
Problem function: Sub CreateChinagames (ByVal lpszToken As String)
There is currently no patch for these three 0-days. Until a patch is published, we can set the kill bit in Internet Explorer for the following BaoFeng and Chinagames CLSIDs:
CLSID: BD103B2B-30FB-4F1E-8C17-D8F6AADBCC05
CLSID: 6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB
CLSID: 75108B29-202F-493C-86C5-1C182A485C4C
or save the following as a .reg file and import it to apply the kill bits:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD103B2B-30FB-4F1E-8C17-D8F6AADBCC05}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{75108B29-202F-493C-86C5-1C182A485C4C}]
"Compatibility Flags"=dword:00000400
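As an added example (not part of the original post), the following PowerShell audits whether the kill bit (Compatibility Flags bit 0x400) is actually set for the three CLSIDs above, so the mitigation can be verified after importing the .reg file. It assumes a Windows host and the registry paths named above; the Wow6432Node path is checked because 32-bit Internet Explorer on 64-bit Windows reads that view.

```powershell
# Added example, not from the original post: verify the IE kill bit for the
# three vulnerable controls. Run in an elevated PowerShell on the host.
$KillBit = 0x400
$Clsids = [ordered]@{
    '{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB}' = 'BaoFeng mps.dll'
    '{BD103B2B-30FB-4F1E-8C17-D8F6AADBCC05}' = 'BaoFeng Config.dll'
    '{75108B29-202F-493C-86C5-1C182A485C4C}' = 'Chinagames CGAgent.dll'
}
# Native view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Bases = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitStatus {
    param([string]$Clsid, [string]$Base)
    $key = Join-Path $Base $Clsid
    if (-not (Test-Path $key)) { return 'NOT set (key missing)' }
    $flags = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return 'NOT set (no Compatibility Flags value)' }
    # Other bits may be set too; only bit 0x400 is the kill bit.
    if (($flags -band $KillBit) -ne 0) { return ('kill bit set (0x{0:X8})' -f $flags) }
    return ('NOT set (0x{0:X8})' -f $flags)
}

foreach ($clsid in $Clsids.Keys) {
    # Whether the control is registered at all; the kill bit should be set
    # regardless, so a later install is blocked too.
    $registered = Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
    foreach ($base in $Bases) {
        if (-not (Test-Path $base)) { continue }   # Wow6432Node is absent on 32-bit Windows
        $view = if ($base -like '*Wow6432Node*') { '32-bit view' } else { 'native view' }
        [pscustomobject]@{
            Control    = $Clsids[$clsid]
            CLSID      = $clsid
            Registered = $registered
            View       = $view
            Status     = Get-KillBitStatus -Clsid $clsid -Base $base
        }
    }
}
```

Any row reporting "NOT set" in a view that exists means that view of Internet Explorer can still instantiate the control; the .reg above only writes the native path, so on 64-bit Windows the Wow6432Node path may need the same value.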
PS:
BaoFeng products are the most popular media player in China. According to the iUserTracker report, BaoFeng Media Player had a 61.47% market share in March 2009, more users than Windows Media Player.
Last modified by hzqedison on May 3, 2009 17:33