Exploit:JS/CVE-2011-1345

Exploit:JS/CVE-2011-1345 is a detection for an exploit which is based on the vulnerability described in CVE-2011-1345 and resolved with the release of Microsoft Security Bulletin MS11-018. The vulnerability affects Internet Explorer (IE) browsers versions 6,7 and 8. Internet Explorer 9 is not affected. Successful exploitation of the vulnerability can lead to execution of arbitrary code on an affected computer within the current user's security context.

The vulnerability is based on the memory corruption that occurs during the handling of a memory object (creating or deleting) by an IE JavaScript engine, when executing the OnPropertyChange function. Successful exploitation of the vulnerability can lead to execution of arbitrary code on an affected computer within a user's security context.

In the wild, the exploit is found in the form of a 6,081 bytes JavaScript file, but the JavaScript can be embedded in HTML and hosted on a compromised or malicious website. The JavaScript file exploiting the vulnerability contains rudimentary encrypted shellcode payload. Once the shellcode gains control, it attempts to download and execute a banner.gif file from the website "www.ansme.com". At the time of writing the file was not available.

Analysis by Oleg Petrovsky