WordPress.org

Ready to get started?Download WordPress

Forums

JS/MS06-014!exploit detected in ui.core.js (10 posts)

  1. ruslany
    Member
    Posted 5 years ago #

    I have upgraded my antivirus and it started detecting an expoit when WordPress 2.7 Dashboard UI is loaded in IE7. The antivirus reports the following:

    The JS/MS06-014!exploit was detected in C:\USERS\RUSLAN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\I3WM9LC7\UI.CORE[1].JS.
    Machine: RUSLAN, User: Ruslan\Ruslan.
    File Status: Infected

    Also IE reports two page loading errors:

    Line: 2
    Char: 246
    Error: 'ui.mouse' is null or not an object

    Line: 51
    Char: 4
    Error: Object doesn't support this property or method

    Is this a known issue? Is there really an exploit in the js files or WordPress 2.7?

  2. heisted
    Member
    Posted 5 years ago #

    You aren't alone, this also is happening to me -- just today!

  3. ruslany
    Member
    Posted 5 years ago #

    Yes, this happened to me today as well after signatures on my antivirus got updated. It worked fine before.

    Is there any known workaround/fix for this?

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 5 years ago #

    Probably a false positive. Some antivirus products are way too overprotective.

    I just checked, and ui.core is identical to the one provided by jquery. No threat there.

    We had a similar problem before with some antivirus products and jquery, as I recall. False alarm there too, the vendor updated their signatures within a day or two.

  5. jaffa1
    Member
    Posted 5 years ago #

    Got the same when I visited my own blog and just wasted almost 3 hours running various anit viru/malware scans to get rid of the 'problem'.
    I'm using CA (aka Vet) Antivirus.

  6. cnymike
    Member
    Posted 5 years ago #

    I just got this from CA Security Suite. The problem is that the real-time virus protection -deleted- the file ui.core.js

    Do I simply replace that file and I'm good to go again? And if I replace it, I wonder how to have CA ignore it, since it was a real-time event.

  7. cnymike
    Member
    Posted 5 years ago #

    I was able to go into CS Anti-Virus and under Options for the Real-Time Scanner, I excluded ui.core.js.

    As soon as I extracted the zip of WordPress 2.7, CS identified and immediately deleted another file, ui.tabs.js

    This is troubling.

  8. ruslany
    Member
    Posted 5 years ago #

    My antivirus signature got updated again after one day and now it does not report this exploit. I guess it was a false positive.

  9. heisted
    Member
    Posted 5 years ago #

    Same here, after figuring out a workaround last night, the signature file for my CA eTrust AV was updated again this AM and the [apparent] false positive is no longer an issue.

  10. wpsquadster
    Member
    Posted 4 years ago #

    Forget about the antivirus WP plugin, it's bad. Wait until there's a proper one.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags