Web2Secure: Web Security Blog

We are non-funded group of security enthusiast who contributes and updates to community with latest security treats. Use and handle whatever links shared within website could be harmful to your systems with own risks. Feel free to use the contents for commercial or non-commercial purposes. We're very appreciating if using our useful information’s to your website by referring back to this original website. Donation or clicking on ads is most welcome to continue maintains costs for this website.

Tuesday, July 14, 2009

Microsoft Exploit ** OWC10.Spreadsheet ActiveX

Another Microsoft Office Web Components (OWX10.Spreadsheet) (owc10.dll) 0Day ActiveX revealed in wild and spread fast especially in China. The vulnerability named as OWX10.Spreadsheet msDataSourceObject Stack Overflow Exploit.

Malicious link: hxxp://www.fdsdffdfsf.cn/of.htm

After lookup, fdsdffdfsf.cn domain (59.34.198.57) and another few domains were blacklisted.

Other domains:

www.dgfdffdfs.cn

www.fdasfadf.cn

www.eweerwerre.cn

www.45sf8.com

www.520458.com

Content for "a.js"

After decode - malicious link (Trojan) hxxp:///new.exe

According to Virustotal, only 70.74% (29/41) of various scanners able to detect this malware file.

Reference: safelab.spaces.live.com

Web2Secure: Web Security Blog

Pages

Tuesday, July 14, 2009

Microsoft Exploit ** OWC10.Spreadsheet ActiveX

0 comments: