Threat Monitor
Troj.Downloader.VBS.Agent.yc
| Aliases: | |
|---|---|
| Pattern: | 200909281330 |
| Threat Type | Propagation Methods | Systems Affected | Risk Level |
|---|---|---|---|
|
|
|
This malicious program exploits vulnerability CVE-2006-6838.
Rediff Bol Downloader ActiveX control is prone to a remote code-execution vulnerability. The vulnerability allows any Web page to download and spawn additional files. These files can be of any type. Internet Explorer displays an alert if the code points to a executable file on the Internet. However, execution of local files displays no alert. The attacker could exploit this vulnerability by persuading a victim to visit a specially-crafted Web page containing a URL in the url vbscript parameter.
Affected Versions: Rediff, Rediff Bol Downloader ActiveX
Rediff Bol Downloader ActiveX control is prone to a remote code-execution vulnerability. The vulnerability allows any Web page to download and spawn additional files. These files can be of any type. Internet Explorer displays an alert if the code points to a executable file on the Internet. However, execution of local files displays no alert. The attacker could exploit this vulnerability by persuading a victim to visit a specially-crafted Web page containing a URL in the url vbscript parameter.
Affected Versions: Rediff, Rediff Bol Downloader ActiveX
