Exploit-BaoFeng.a

Type: Trojan
SubType: Exploit
Discovery Date: 09/18/2007
Length: Varies
Minimum DAT: 5122 (09/18/2007)
Updated DAT: 5292 (05/09/2008)
Minimum Engine: 5.1.00
Description Added: 09/18/2007
Description Modified: 09/24/2007 8:33 PM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

Exploit-BaoFeng.a is a generic detection for web scripts that target a buffer overflow vulnerability in BaoFeng, a popular media player in China. Specific versions of the player install an ActiveX media player plugin that contains a vulnerability which can be exploited remotely via the web browser.

Some variants of this exploit may also be proactively detected as JS/Exploit-BO.gen when script scanning is enabled.

An updated version of the media player that fixes this vulnerability is currently available from the vendor. More information about this vulnerability and the patch is available at:

 

 

Symptoms

When successful, Exploit-BaoFeng.a installs further malware on the vulnerable machine. Typically, it connects to a remote website to download malware.

 

Method of Infection

Specific versions of the BaoFeng media player install an ActiveX media player plugin that contains a vulnerability which can be exploited remotely via the web browser.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

    N/A
