Invision Board Vuln

While watching a little NASCAR this evening and IMing with friends, I decided to check out the Movable Type Support Forum. Movable Type is the blog software I use over at infosecblog.org.
The second I browsed to http://www.sixapart.com/movabletype/forums/index.php I noticed an odd script prompt.
Next I got virus alert popups from Symantec Antivirus telling me I had WMF exploits in my temp files!
It looks like Six Apart (the company that makes Movable Type) is using Invision Power Board version 2.0.4. A major vulnerability was announced in this version a few days ago.
Moral of the story, if you haven’t learned it already: 1) Patch your system. 2) Keep your antivirus up to date. 3) Even when you aren’t surfing the seedy underbelly of the web, you can get exploits thrown at you.
I’ve sent an alert to the ISC as well as to the webmaster at Six Apart.

2 Comments

  1. [...] I posted here and here on May 20th regarding exploitation of Invision Power Board bulletin board using in Movable [...]

  2. [...] versions prior to 2.1.7. Hopefully they’ll get patched and back online soon. Back in May, I wrote when that forum was exploited and modified to serve up WMF exploits. At that time I let the SANS ISC [...]
