SHELLCODE: Metasploit JavaScript Obfuscation

This signature detects use of the JavaScript String replace function as a method of creating obfuscated JavaScript to evade content inspection and filtering systems. Metasploit commonly uses such scripts to avoid IPS detection, and adware can use them for similar reasons.

Extended Description

Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Affected Products

Chilkat_software chilkat_crypt_activex_control

Short Name: SHELLCODE:JS:OBFUSCATION
Severity: Major
Recommended: False
Recommended Action: Drop
Category: SHELLCODE
Keywords: CVE-2008-0015 CVE-2008-5002 JavaScript Metasploit Obfuscation
Release Date: 06/06/2013
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

Chilkat_software

CVSS Score

9.3
