I came across a new exploit pack called “Bleeding Life”. This one has six exploits at its disposal and costs $200 in the underground. As you can see, it only focuses on Acrobat, Flash, and Java vulnerabilities which has a very high success rate.
Adobe Reader CVE-2010-1297 Affected Versions 9.0 – 9.3.2
Adobe Reader CVE-2010-0188 Affected Versions 9.0 – 9.3.0
Adobe Reader CVE-2010-0188 Affected Versions 8.0 – 8.2.0
Adobe Reader CVE 2008-2992 Affected Versions 7.0 – 7.1.0
Adobe Flash CVE-2009-1862 Affected Versions 10.0 – 10.0.22
Oracle/Sun Java CVE-2010-0842 Affected Versions x.x up to 22.214.171.124
The pack was downloadable from the Internet:
But all the files were encrypted so I was not able to view the source code. I did find a live version of this pack and it appears to be getting a 13.5% exploitation rate.
You’ll also notice that Windows XP is still very popular and these exploit packs do in fact affect Windows 7 machines.
***** UPDATE *****
Looks like BleedingLife Exploit Pack version 2.0 has been released.
It now has the following exploits and costs $400 for new buyers:
– CVE-2010-0806 – IEPeers Uninitialized Memory Corruption Vulnerability – IE6/IE7 Only – ALL Windows
– CVE-2010-0842 – Java Unspecified vulnerability in the Sound component – Java 6 < Update 19 - ALL Windows - CVE-2010-3552 - Unspecified vulnerability in the New Java Plug-in - Java 6 < Update 22 - IE Only - ALL Windows - CVE-2008-2992 - Adobe Reader util.printf Stack Overflow - Adobe Reader < 7.1.1 - ALL Windows - CVE-2010-1297 - Adobe authplay.dll ActionScript AVM2 "newfunction" Vulnerability - Adobe Reader < 9.3.3 - ALL Windows - CVE-2010-2884 - Adobe authplay.dll ActionScript AVM2 memory corruption Vulnerability - Adobe Reader < 9.4.0 - ALL Windows - CVE-2010-0188 - Adobe Libtiff Integer Overflow - Adobe Reader < 9.3.1 - ALL Windows - CVE-2010-0188 - Adobe Libtiff Integer Overflow - Adobe Reader < 8.2.1 - ALL Windows - JavaSignedApplet - Java Signed Applet to download/exec payload (Requires user interaction but can be disabled.) - ALL Windows