Exploit-CodeBase

Type: Malware
SubType: Exploit
Discovery Date: 02/27/2002
Length: Varies
Minimum DAT: 4190 (03/13/2002)
Updated DAT: 5548 (03/09/2009)
Minimum Engine: 5.1.00
Description Added: 03/08/2002
Description Modified: 01/29/2006 8:04 PM (PT)
Risk Assessment:
    Corporate User: Low
    Home User: Low

Characteristics

-- Update 27th August, 2004 --

A recent vulnerability has been found in WinAmp 3.0 and later. This vulnerability is found in the way WinAmp loads new skins, which can result in malicious files being executed on the victim's machine. The HTML file that launches the malicious code is detected as Exploit-Codebase.gen.

There is currently no patch for this vulnerability, but RealNetworks has been quoted as saying that a patch will be available by the end of this year.

--

This is a generic detection of malware that tries to exploit a Microsoft Internet Explorer vulnerability discovered on February 25, 2002. The exploit could result in an executable file being run without the user's permission or knowledge when visiting a web page or viewing an HTML email message. This affects Internet Explorer 4.x and higher, Microsoft Outlook, and Microsoft Outlook Express.

This vulnerability has incorrectly been called the "Popup Object Vulnerability", the "Data Source Object Vulnerability", the "XMLid Exploit", or the "DynHTML Exploit", but these are just the methods used to insert the exploit into the HTML. The vulnerability occurs because Internet Explorer allows HTML in the "Internet Zone" to launch programs in the "My Computer Zone".

A patch is available from Microsoft here

Symptoms

Vary

Method of Infection

Embedded code is used to exploit a data binding vulnerability in Internet Explorer.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

    N/A

Aliases

  • Exploit.CodeBaseExec (AVP)
  • XMLid.Exploit (NAV)
