
Threat Lab Report: MS09-002 Security Hole, A Malware Author's New Favorite

Posted By Netgear Threat Lab at 11:07 AM, March 20, 2009

Each newly discovered security vulnerability opens a new floodgate for malware authors to spread their work. Recently, the Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability (MS09-002) has paved the way for a great deal of new malware. This vulnerability is found in Microsoft Internet Explorer 7. The specific flaw exists in the handling of document objects: when an object is appended and deleted in a specific order, memory corruption occurs. A user running a vulnerable browser could be exploited through a specially crafted web page, which can also arrive through a different distribution vector, such as a malicious file. Once the user views the web page, the vulnerability may allow remote code execution.

Figure 1. The script used during the attack

Figure 2. Pointer points to the shell code which causes the buffer overflow

Although a patch for this security hole has already been released, our monitoring still shows large amounts of new malware being created in an attempt to exploit this vulnerability. Web sites that originally hosted Trojan horses exploiting MS08-78 now instead host Trojan horses that attempt to exploit this particular vulnerability (MS09-002). We believe that in the coming weeks, this security hole will remain one of the main ways malware authors spread malicious code.
