A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third party desktop software.
According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile advertiser on the Internet realm. The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader.
Here's a list of the exploits associated with this attack:
Microsoft DirectShow (CVE-2008-0015)
Microsoft Snapshot Viewer (CVE-2008-2463)
Microsoft Data Access Components (MDAC) CVE-2006-0003
AOL ConvertFile() remote buffer overflow exploit
Websense said the rigged site also comes with an auto-loading malicious PDF file that attempts to exploit these vulnerabilities:
Adobe Reader and Acrobat 8.1.1 buffer overflow (CVE-2007-5659)
Adobe Acrobat and Reader 8.1.2 buffer overflow (CVE-2008-2992)
If the user's browser is successfully exploited, Websense says a malicious file is downloaded and run in the user's Windows home directory from another collaborated exploit site.