Html.Exploit.CVE_2016_0228-6327291-2

Discussions relating to ClamXav

Moderator: Mark

Html.Exploit.CVE_2016_0228-6327291-2

Postby robby » Mon 30 Apr 2018 9:38 am

Hi, since today I'm getting a bunch of infection notifications for this exploit. The filename is getting concatenated and hence always becoming longer for every notification. This somehow all looks a bit strange...

However, does anyone has more information about this exploit, ClamXav behavior, what to do etc.?
robby
 
Posts: 6
Joined: Thu 20 Aug 2015 6:38 am

Re: Html.Exploit.CVE_2016_0228-6327291-2

Postby alvarnell » Mon 30 Apr 2018 10:50 am

NIST: CVE-2016-0228.

IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites.
-Al-
--
21.5" iMac Quad-core i7 / Mac OS X 10.9.5, 10.10.5, 10.11.6, 10.12.6 & 10.13.2 / ClamXAV v2.18.1/0.100.0 (3610)
alvarnell
Site Admin
 
Posts: 5477
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: Html.Exploit.CVE_2016_0228-6327291-2

Postby robby » Mon 30 Apr 2018 1:07 pm

Thanks, I know the exploit background and meant why it's now showing up in context with clamxav in such a strange way since I use exactly the same web-pages. So, did it slipped through undetected in the past?
robby
 
Posts: 6
Joined: Thu 20 Aug 2015 6:38 am

Re: Html.Exploit.CVE_2016_0228-6327291-2

Postby alvarnell » Mon 30 Apr 2018 8:39 pm

The signature has been in the ClamAV database since January 10, so as long as you have been keeping your definitions up-to-date, a script must have changed or been added recently on that web site.

I'm guessing you find the infected files in a browser cache? If you highlight the entry in the Infected Items window and do a Copy (Command-C) then you can Paste (Command-V) complete information on the location to a reply back here.
-Al-
--
21.5" iMac Quad-core i7 / Mac OS X 10.9.5, 10.10.5, 10.11.6, 10.12.6 & 10.13.2 / ClamXAV v2.18.1/0.100.0 (3610)
alvarnell
Site Admin
 
Posts: 5477
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA


Return to ClamXav

Who is online

Users browsing this forum: No registered users

cron