Calendar Of Updates: CNET Networks site compromise - Calendar Of Updates

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

CNET Networks site compromise

#1 User is offline   Donna 

  • Guinea Pig???
  • PipPipPipPipPipPipPipPipPip
  • View blog
  • Group: Admin - Site
  • Posts: 17,260
  • Joined: 11-October 03


Users Awards

Posted 07 August 2008 - 07:01 AM

WebsenseŽ Security Labs™ ThreatSeeker™ Network has discovered that a CNET Networks site has been compromised. The main page of the CNET Clientside Developer Blog contains malicious JavaScript code that de-obfuscates into an iframe that loads its primary malicious payload from a different host.

The malicious code is observed to exploit a known integer overflow vulnerability in Adobe Flash (CVE-2007-0071). At the time of this alert, the site is still hosting the malicious code. Visitors who are not patched against this vulnerability will be infected without any user interaction.

Screenshot and more at http://securitylabs....lerts/3151.aspx

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic