Threat Description

Exploit:HTML/IESlice.BK

Details

Aliases:Exploit:​HTML/IESlice.BK
Category:Malware
Type:Exploit
Platform:JS

Summary



Exploit:HTML/IESlice.BK exploits a vulnerability in an ActiveX control used by Xunlei Thunder 5.7.4.401.

Malicious or compromised websites use the exploit to download and execute arbitrary code.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



Exploit:HTML/IESlice.BK is a script that exploits a heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control used by the pplayer.dll_1_work DLL of Xunlei Thunder 5.7.4.401.

Sucessful exploitation allows the attacker to download and execute arbitrary code on the victim's computer.

Exploitation is done via a malicious webpage containing the detected script.

This vulnerability is under review as CVE-2007-6144.

Exploit:HTML/IESlice.BK will attempt to download a file from the following URL and execute it:

  • http://9gg.biz/real.exe

The URL was inactive during investigations.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More