
Major online ad site hacked, serving up exploit cocktail

A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users.
Written by Ryan Naraine, Contributor

A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third-party desktop software.

According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile Internet advertiser. The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader.

Here's a list of the exploits associated with this attack:

  • Microsoft DirectShow (CVE-2008-0015)
  • Microsoft Snapshot Viewer (CVE-2008-2463)
  • Microsoft Data Access Components (MDAC) (CVE-2006-0003)
  • AOL ConvertFile() remote buffer overflow exploit

Websense said the rigged site also comes with an auto-loading malicious PDF file that attempts to exploit these vulnerabilities:

  • Adobe Reader and Acrobat 8.1.1 buffer overflow (CVE-2007-5659)
  • Adobe Acrobat and Reader 8.1.2 buffer overflow (CVE-2008-2992)

If the user's browser is successfully exploited, Websense says a malicious file is downloaded from another, collaborating exploit site and run in the user's Windows home directory.

The company's blog has screenshots of the attack site.
