Diving into a Silverlight Exploit and Shellcode – Analysis and Techniques

by Omri Herscovici & Liran Englender

From our company’s blog (Check Point Software Technologies):

In recent years, exploit kits have become one of the most common platforms for malware distribution.

One of the exploits delivered by the Infinity exploit kit targets a security vulnerability in Microsoft Silverlight.

Compared to other technologies like Java, PDF, Flash, etc., Silverlight exploits are less common. To give a rough idea, according to cvedetails.com, from 2010 to 2014, 15 vulnerabilities were reported for Microsoft Silverlight, while Adobe Acrobat Reader had 268 vulnerabilities, Adobe Flash Player had 321 vulnerabilities, Microsoft Internet Explorer had 392 vulnerabilities, and Java had at least 358 vulnerabilities. However, Microsoft Silverlight exploits, specifically CVE-2013-0074, are still delivered in active and well-known exploit kits.

The blog post, including the analysis PDF, is available here:

http://www.checkpoint.com/blog/technical-look-infinity-ek-silverlight-exploit-shellcode/index.html

Analysis PDF:
http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf

Infinity EK Payload Decrypter Script:

https://github.com/omriher/InfinityEKPayloadDecrypter
