Apache server exploit being reported at SANS
Posted at SANS in the handler's diary for Nov. 19: http://isc.sans.org/diary.php
Spy/Adware via Browser Vulnerabilities and Compromised Web Servers
Steve Friedl pointed us to the BroadbandReports discussion that documents a series of web server compromises that deliver spy/adware to victims that visit compromised sites. The victims are running a vulnerable browser. The information is still preliminary, but there are indications that the attackers are using an IFRAME vulnerability in Internet Explorer to deliver the payload. The web servers hosting the malicious code seem to be running Apache.
http://www.broadbandreports.com/forum/remark,11904374
Reported on Full Disclosure:
xpire.info & splitinfinity.info - exploits in the wild
http://www.gossamer-threads.com/list...sclosure/27857
http://www.benedelman.org/news/111804-1.html
US-CERT reported Microsoft Internet Explorer vulnerable to buffer overflow via FRAME, IFRAME, and EMBED elements.
http://www.kb.cert.org/vuls/id/842160