Bleeding Life Exploit Pack

I came across a new exploit pack called "Bleeding Life". This one has six exploits at its disposal and costs $200 in the underground. As you can see, it only focuses on Acrobat, Flash, and Java vulnerabilities which have a very high success rate.

  • Adobe Reader CVE-2010-1297 Affected Versions 9.0 - 9.3.2
  • Adobe Reader CVE-2010-0188 Affected Versions 9.0 - 9.3.0
  • Adobe Reader CVE-2010-0188 Affected Versions 8.0 - 8.2.0
  • Adobe Reader CVE 2008-2992 Affected Versions 7.0 - 7.1.0
  • Adobe Flash CVE-2009-1862 Affected Versions 10.0 - 10.0.22
  • Oracle/Sun Java CVE-2010-0842 Affected Versions x.x up to 1.0.6.18

The pack was downloadable from the Internet:

But all the files were encrypted so I was not able to view the source code. I did find a live version of this pack and it appears to be getting a 13.5% exploitation rate.

You'll also notice that Windows XP is still very popular and these exploit packs do in fact affect Windows 7 machines.

Update

Looks like that BleedingLife Exploit Pack version 2.0 has been released.

It now has the following exploits and costs $400.

  • CVE-2010-0806 - IEPeers Uninitialized Memory Corruption Vulnerability - IE6/IE7 Only - ALL Windows
  • CVE-2010-0842 - Java Unspecified vulnerability in the Sound component - Java 6 < Update 19 - ALL Windows
  • CVE-2010-3552 - Unspecified vulnerability in the New Java Plug-in - Java 6 < Update 22 - IE Only - ALL Windows
  • CVE-2008-2992 - Adobe Reader util.printf Stack Overflow - Adobe Reader < 7.1.1 - ALL Windows
  • CVE-2010-1297 - Adobe authplay.dll ActionScript AVM2 "newfunction" Vulnerability - Adobe Reader < 9.3.3 - ALL Windows
  • CVE-2010-2884 - Adobe authplay.dll ActionScript AVM2 memory corruption Vulnerability - Adobe Reader < 9.4.0 - ALL Windows
  • CVE-2010-0188 - Adobe Libtiff Integer Overflow - Adobe Reader < 9.3.1 - ALL Windows
  • CVE-2010-0188 - Adobe Libtiff Integer Overflow - Adobe Reader < 8.2.1 - ALL Windows
  • JavaSignedApplet - Java Signed Applet to download/exec payload (Requires user interaction but can be disabled.) - ALL Windows

Posted on: 11/22/2010

© KahuSecurity.com. All Rights Reserved.