Bleeding Life Exploit Pack

I came across a new exploit pack called “Bleeding Life”. This one has six exploits at its disposal and costs $200 in the underground. As you can see, it only focuses on Acrobat, Flash, and Java vulnerabilities which has a very high success rate.

Adobe Reader CVE-2010-1297 Affected Versions 9.0 – 9.3.2
Adobe Reader CVE-2010-0188 Affected Versions 9.0 – 9.3.0
Adobe Reader CVE-2010-0188 Affected Versions 8.0 – 8.2.0
Adobe Reader CVE 2008-2992 Affected Versions 7.0 – 7.1.0
Adobe Flash CVE-2009-1862 Affected Versions 10.0 – 10.0.22
Oracle/Sun Java CVE-2010-0842 Affected Versions x.x up to 1.0.6.18

The pack was downloadable from the Internet:

But all the files were encrypted so I was not able to view the source code. I did find a live version of this pack and it appears to be getting a 13.5% exploitation rate.

You’ll also notice that Windows XP is still very popular and these exploit packs do in fact affect Windows 7 machines.

***** UPDATE *****

Looks like BleedingLife Exploit Pack version 2.0 has been released.

It now has the following exploits and costs $400 for new buyers:

– CVE-2010-0806 – IEPeers Uninitialized Memory Corruption Vulnerability – IE6/IE7 Only – ALL Windows
– CVE-2010-0842 – Java Unspecified vulnerability in the Sound component – Java 6 < Update 19 – ALL Windows
– CVE-2010-3552 – Unspecified vulnerability in the New Java Plug-in – Java 6 < Update 22 – IE Only – ALL Windows
– CVE-2008-2992 – Adobe Reader util.printf Stack Overflow – Adobe Reader < 7.1.1 – ALL Windows
– CVE-2010-1297 – Adobe authplay.dll ActionScript AVM2 “newfunction” Vulnerability – Adobe Reader < 9.3.3 – ALL Windows
– CVE-2010-2884 – Adobe authplay.dll ActionScript AVM2 memory corruption Vulnerability – Adobe Reader < 9.4.0 – ALL Windows
– CVE-2010-0188 – Adobe Libtiff Integer Overflow – Adobe Reader < 9.3.1 – ALL Windows
– CVE-2010-0188 – Adobe Libtiff Integer Overflow – Adobe Reader < 8.2.1 – ALL Windows
– JavaSignedApplet – Java Signed Applet to download/exec payload (Requires user interaction but can be disabled.) – ALL Windows

This entry was posted in Exploit Packs and tagged , . Bookmark the permalink.