Endpoint Protection

Zero-Day Exploit for Lianzong Game Platform 

02-05-2008 03:00 AM

Symantec has discovered a zero-day exploit for a popular Chinese gaming platform that is currently active in the wild. The exploit targets two vulnerable methods in the file HanGamePluginCn18.dll (referenced by CLSID:61F5C358-60FB-4A23-A312-D2B556620F20), causing a buffer overflow condition.

The exploit attempts to download a malicious file from mm[dot]sqmnoopt[dot]com, which is detected as Downloader. Additionally, a configuration file is downloaded from cnxz[dot]kv8[dot]info, which contains links to 27 malicious executables downloaded from 444[dot]sqmnoopt[dot]com and 2[dot]kv8[dot]info. These files are detected as Infostealer.Gampass.

The vendor has been contacted, and Symantec is performing deeper analysis of this exploit, with additional information to be posted as it becomes available.
