MS06-006: Downloader.EEAZ - Uses Media Player Exploit
Posted
Tuesday, September 12, 2006 12:34 PM
by
hwaldron
This new Java script based malware agent is low-risk and most folks should be patched. It includes an exploit for a vulnerability patched by Microsoft during early 2006.
MS06-006: Downloader.EEAZ - Uses Media Player Exploit
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FDLOADER%2EEAZ
MS06-006: Downloader.EEAZ - Behavioral Diagram
http://www.trendmicro.com/vinfo/images/JS_DLOADER_EAZ2.gif
(MS06-006) Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
http://www.microsoft.com/technet/security/bulletin/MS06-006.mspx
QUOTE: This malicious JavaScript may arrive embedded in a file dropped by another malware, manually downloaded and installed by an unsuspecting user, or spammed through email. It may also be hosted by certain Web sites. It takes advantage of the Windows Media Player Plug-in vulnerability.