HTTP: Javascript fromCharCode Obfuscation Technique (7)
This signature detects scripts obfuscated (made unclear) with JavaScript. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being downloaded by a user. A successful attack allows the Web page creator to take control of the victim's system.
Extended Description
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability."
Affected Products
Microsoft internet_explorer
References
BugTraq: 65551
CVE: CVE-2015-0802
URL: https://helpx.adobe.com/security/products/flash-player/apsb15-05.html http://googleprojectzero.blogspot.com/2015/04/a-tale-of-two-exploits.html http://malware.dontneedcoffee.com/2015/03/cve-2015-0336-flash-up-to-1600305-and.html https://www.fireeye.com/blog/threat-research/2015/03/cve-2015-0336_nuclea.html https://blog.malwarebytes.org/exploits-2/2015/03/nuclear-ek-leverages-recently-patched-flash-vulnerability/ https://helpx.adobe.com/security/products/flash-player/apsa15-03.html http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/ https://twitter.com/w3bd3vil/status/618168863708962816 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html http://malware.dontneedcoffee.com/2015/05/cve-2015-3090-flash-up-to-1700169-and.html http://www.brooksandrus.com/blog/2009/03/11/bilinear-resampling-with-flash-player-and-pixel-bender/ http://googleprojectzero.blogspot.com/2014/09/exploiting-cve-2014-0556-in-flash.html https://code.google.com/p/google-security-research/issues/detail?id=46 http://hacklab.kr/cve-2014-0556-%EB%B6%84%EC%84%9D/ http://malware.dontneedcoffee.com/2014/10/cve-2014-0556-adobe-flash-player.html https://helpx.adobe.com/security/products/flash-player/apsb14-21.html http://googleprojectzero.blogspot.com/2015/02/exploitingscve-2015-0318sinsflash.html https://code.google.com/p/google-security-research/issues/detail?id=199 http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html http://hdwsec.fr/blog/CVE-2014-0322.html http://malwaremustdie.blogspot.ru/2013/02/cve-2013-0634-this-ladyboyle-is-not.html http://malware.dontneedcoffee.com/2013/03/cve-2013-0634-adobe-flash-player.html http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html http://labs.alienvault.com/labs/index.php/2013/adobe-patches-two-vulnerabilities-being-exploited-in-the-wild/ http://eromang.zataz.com/tag/cve-2013-0634/ http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01 http://support.microsoft.com/kb/182569 http://blog.invisibledenizen.org/2009/01/ieunsafescripting-metasploit-module.html http://support.microsoft.com/kb/870669 https://support.apple.com/en-us/HT205375 https://cansecwest.com/slides07/csw07-nazario.pdf https://www.cs.ucsb.edu/~marco/blog/3008/10/dom-based-obfuscation-in-malicious-javascript.html
Short Name
HTTP:STC:SCRIPT:FROMCC-OBFUS-7
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
(7) CVE-2013-0027 CVE-2015-0336 CVE-2015-0802 CVE-2015-0816 Javascript Obfuscation Technique bid:65551 fromCharCode
Release Date
09/20/2016
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3814
False Positive
Frequently
Vendors
Microsoft
CVSS Score
9.3
5.0