Another Chinese Pack
This set of exploits was found on a Chinese website by @switchingtoguns. It appears to be another Chinese exploit pack.
The entry page contains iframes that call upon several exploit files in the single folder:
This pack, which we'll call "Zhī Zhū Pack" (pronounced "jii-juu"), contains five exploits but interestingly there are no Java exploits. The first three exploits were also found in the previously announced pack we called "Yang Pack".
- IEPeers (CVE-2010-0806)
- Flash 10.3.181.x (CVE-2011-2110)
- Flash 10.3.183.x (CVE-2011-2140)
- IE Time Element Memory Corruption (CVE-2011-1255)
- WMP MIDI (CVE-2012-0003)
Why are we calling it "Zhī Zhū"? There's numerous references to the word "spider" in several of its HTML files. "Zhī Zhū" in Chinese means spider so this is basically the Spider Exploit Pack.
The IE Time Element Memory Corruption exploit (CVE-2011-1255) has been seen in the wild since June of last year. It's the first time I'm seeing this exploit in a "pack".
The newest edition is the very recent Windows Media Player MIDI remote exploit code execution vulnerability (CVE-2012-0003):
The payload appears to be a password stealer for an online game: