Html.Exploit.CVE_2017_0141-6003839-0

Discussions relating to ClamXav

Moderator: Mark

Html.Exploit.CVE_2017_0141-6003839-0

Postby Deckard » Thu 16 Mar 2017 12:00 am

ClamXav is notifying me of an infection in my browser caches when visiting any page on Yahoo Finance today: Html.Exploit.CVE_2017_0141-6003839-0

The only think I could find after a search was this link at the Symantec site (https://www.symantec.com/security_respo ... advisories). Looks like a Microsoft Edge browser problem and OS X users don't have to worry about it.

Is there anything that can be done besides trashing them and waiting for Yahoo to fix it?
Deckard
 
Posts: 10
Joined: Fri 22 Aug 2008 3:31 pm

Re: Html.Exploit.CVE_2017_0141-6003839-0

Postby alvarnell » Thu 16 Mar 2017 12:34 am

For now you can choose to ignore it or trash it since caches can always be removed without causing any issues. The signature was just added by the Cisco/ClamAV folks today.

You are correct that it addresses a vulnerability in Microsoft Edge that was patched yesterday, so of no concern to macOS/OS X users who are not also running Windows on their Mac. With what we know about Yahoo hacking it could easily be a correctly identified exploit attempt.

Another user has already opened a ticket with the ClamXav Help Desk on this, so there may be additional information available tomorrow.
-Al-
--
21.5" iMac Quad-core i7 / Mac OS X 10.9.5, 10.10.5 & 10.11.6 / ClamXav 2.12.1 (ClamAV® 0.99.2)
alvarnell
Site Admin
 
Posts: 5465
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: Html.Exploit.CVE_2017_0141-6003839-0

Postby Deckard » Thu 16 Mar 2017 2:00 am

Thank you for the quick reply. It was only bothersome in that ClamXav would warn me anytime I navigated to a new page or open tab on Yahoo Finance. I don't recall ever having that many warnings from one web site regardless of which page I navigated to.
Deckard
 
Posts: 10
Joined: Fri 22 Aug 2008 3:31 pm

Re: Html.Exploit.CVE_2017_0141-6003839-0

Postby bradp015 » Thu 16 Mar 2017 3:10 pm

Hi, I am getting this as well. When logging into my paypal account. Just wanted to report it.
MBP, 10.11.6
If you want any info please ask..
bradp015
 
Posts: 3
Joined: Thu 24 Mar 2016 2:59 pm

Re: Html.Exploit.CVE_2017_0141-6003839-0

Postby alvarnell » Thu 16 Mar 2017 3:23 pm

There were two additional reports to the Help Desk over night as well as several elsewhere on the web. These reports are false-positives - the files are not infected. Please go back into ClamXav and check for updated virus definitions again which will solve the problem. I've also reported it to ClamAV.
-Al-
--
21.5" iMac Quad-core i7 / Mac OS X 10.9.5, 10.10.5 & 10.11.6 / ClamXav 2.12.1 (ClamAV® 0.99.2)
alvarnell
Site Admin
 
Posts: 5465
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: Html.Exploit.CVE_2017_0141-6003839-0

Postby alvarnell » Sat 18 Mar 2017 6:37 am

ClamAV has also removed this signature with Daily - 23214, which should be available shortly.

There was also a problem with a second signature for the same vulnerability (Html.Exploit.CVE_2017_0141-6010301-0) when visiting wordpress web sites. ClamXav will also ignore that one now.
-Al-
--
21.5" iMac Quad-core i7 / Mac OS X 10.9.5, 10.10.5 & 10.11.6 / ClamXav 2.12.1 (ClamAV® 0.99.2)
alvarnell
Site Admin
 
Posts: 5465
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA


Return to ClamXav

Who is online

Users browsing this forum: No registered users

cron