A few weeks ago, we have published news related to vulnerability in Microsoft XML core services(CVE-2012-1889). The vulnerability is a true zero-day, being exploited in the wild, with no patch yet available from Microsoft.
Sophos researchers discovered that the exploit for this vulnerability has been added to the Blackhole exploit kit.
A new function has been added to the Blackhole exploit that targets CVE-2012-1889. The function used well-described heapspray techniques to deliver the shellcode, prior to exploiting the vulnerability in order that execution passes to that shellcode.
The shellcode is pretty straightforward, attempting to download the payload (a dll) from a remote server, writing it to the temp folder.
Sophos researchers discovered that the exploit for this vulnerability has been added to the Blackhole exploit kit.
A new function has been added to the Blackhole exploit that targets CVE-2012-1889. The function used well-described heapspray techniques to deliver the shellcode, prior to exploiting the vulnerability in order that execution passes to that shellcode.
The shellcode is pretty straightforward, attempting to download the payload (a dll) from a remote server, writing it to the temp folder.