/>
X
Business

Major online ad site hacked, serving up exploit cocktail

A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users.
Written by Ryan Naraine, Contributor on

A high-profile online advertising Web site has been hacked and rigged to serve multiple exploits to Microsoft Windows users surfing the net with unpatched third party desktop software.

According to a warning issued by Websense Security Labs, the malicious code was found on media-servers.net, which is described as a high-profile advertiser on the Internet realm.  The site has been firing an assortment of exploits for several months, including exploits for vulnerabilities in Microsoft DirectShow and Adobe PDF Reader.

Here's a list of the exploits associated with this attack:

  • Microsoft DirectShow (CVE-2008-0015)
  • Microsoft Snapshot Viewer (CVE-2008-2463)
  • Microsoft Data Access Components (MDAC) CVE-2006-0003
  • AOL ConvertFile() remote buffer overflow exploit

Websense said the rigged site also comes with an auto-loading malicious PDF file that attempts to exploit these vulnerabilities:

  • Adobe Reader and Acrobat 8.1.1 buffer overflow (CVE-2007-5659)
  • Adobe Acrobat and Reader 8.1.2 buffer overflow (CVE-2008-2992)

If the user's browser is successfully exploited, Websense says a malicious file is downloaded and run in the user's Windows home directory from another collaborated exploit site.

The company's blog has screenshots of the attack site.

Editorial standards