Invision Board Vuln

By Roger on May 20, 2006 11:08 PM | | Comments (0) | TrackBacks (0)

While watching a little NASCAR this evening and IMing with friends, I decided to check out the Movable Type Support Forum. Movable Type is the blog software I use over at infosecblog.org.

The second I browse to http://www.sixapart.com/movabletype/forums/index.php I notice an odd script prompt:

Next I got virus alert popups from Symantec Antivirus telling me I had wmf exploits in my temp files!

It looks like Six Apart (the company that makes movable type) is using Invision Power Board version 2.0.4. A major vulnerability was announced on this version a few days ago.

Moral of the story, if you haven’t learned it already. 1) patch your system. 2) up to date antivirus 3) even when you aren’t surfing the seedy underbelly of the web, you can get exploits thrown at you.

I’ve sent an alert to the ISC as well as to the webmaster at six apart.

Categories

Antivirus

Tags

0 TrackBacks

Listed below are links to blogs that reference this entry: Invision Board Vuln.

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/182

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on May 20, 2006 11:08 PM.

NY Times Article on Message Labs Spam Fighting was the previous entry in this blog.

Six Apart Forums WMF exploit is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.23-en

Search