Microsoft IE FRAME/IFRAME/EMBED Tag Overflow (Bofra Worm Detection)

critical Nessus Plugin ID 15746

Synopsis

The remote host is infected with a worm.

Description

The remote host seems to have been infected with the Bofra worm or one of its variants, which infects machines via an Internet Explorer IFRAME exploit. It is very likely this system has been compromised.

Solution

Verify that the remote system has been compromised, and re-install if necessary.

See Also

http://www.nessus.org/u?15ea74a4

Plugin Details

Severity: Critical

ID: 15746

File Name: bofra_detect.nasl

Version: 1.24

Type: remote

Family: Backdoors

Published: 11/17/2004

Updated: 6/1/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/25/2004

Reference Information

CVE: CVE-2004-1050

BID: 11515