Thursday, January 17, 2013

Large-scale cyber espionage campaign called Operation Red October

In its paper, Kaspersky indicated that at least three different exploits for previously known vulnerabilities in Microsoft Office products were used in these attacks:
  • CVE-2009-3129 -- Microsoft Office Excel Featheader Record Processing Arbitrary Code Execution Vulnerability
  • CVE-2010-3333 -- Microsoft Office Rich Text Format Content Processing Buffer Overflow Vulnerability
  • CVE-2012-0158 -- Microsoft MSCOMCTL.OCX ActiveX Control Remote Code Execution Vulnerability
A later report claims that the Oracle Java Applet Rhino Script Engine arbitrary code execution vulnerability documented in CVE-2011-3544 was used by one of the command and control servers in the Red October infrastructure.
This vulnerability is also documented in IntelliShield Alert 27890. The following is an interesting fact explained in this IntelliShield alert:
