JS/MS06-014!exploit detected in ui.core.js (10 posts)

  1. ruslany
    Posted 7 years ago #

    I have upgraded my antivirus and it started detecting an exploit when WordPress 2.7 Dashboard UI is loaded in IE7. The antivirus reports the following:

    Machine: RUSLAN, User: Ruslan\Ruslan.
    File Status: Infected

    Also IE reports two page loading errors:

    Line: 2
    Char: 246
    Error: 'ui.mouse' is null or not an object

    Line: 51
    Char: 4
    Error: Object doesn't support this property or method

    Is this a known issue? Is there really an exploit in the js files or WordPress 2.7?

  2. heisted
    Posted 7 years ago #

    You aren't alone, this also is happening to me -- just today!

  3. ruslany
    Posted 7 years ago #

    Yes, this happened to me today as well after signatures on my antivirus got updated. It worked fine before.

    Is there any known workaround/fix for this?

  4. Probably a false positive. Some antivirus products are way too overprotective.

    I just checked, and ui.core is identical to the one provided by jquery. No threat there.

    We had a similar problem before with some antivirus products and jquery, as I recall. False alarm there too, the vendor updated their signatures within a day or two.

  5. jaffa1
    Posted 7 years ago #

    Got the same when I visited my own blog and just wasted almost 3 hours running various anti-virus/malware scans to get rid of the 'problem'.
    I'm using CA (aka Vet) Antivirus.

  6. cnymike
    Posted 7 years ago #

    I just got this from CA Security Suite. The problem is that the real-time virus protection -deleted- the file ui.core.js

    Do I simply replace that file and I'm good to go again? And if I replace it, I wonder how to have CA ignore it, since it was a real-time event.

  7. cnymike
    Posted 7 years ago #

    I was able to go into CS Anti-Virus and under Options for the Real-Time Scanner, I excluded ui.core.js.

    As soon as I extracted the zip of WordPress 2.7, CS identified and immediately deleted another file, ui.tabs.js

    This is troubling.
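
An added example, not part of any post in this thread: one way to repeat the check from post 4 (is ui.core.js identical to the upstream copy?) across a whole script directory, and to list files a real-time scanner has removed, as in posts 6 and 7. The directory layout, function names and file contents are constructed for illustration; `reference` stands for a freshly extracted copy of the same release from a trusted source.

```python
import hashlib
import tempfile
from pathlib import Path


def digest(path: Path) -> str:
    """SHA-256 with CRLF normalised to LF, so line-ending changes alone do not count."""
    return hashlib.sha256(path.read_bytes().replace(b"\r\n", b"\n")).hexdigest()


def compare_trees(installed: Path, reference: Path, pattern: str = "*.js") -> dict:
    """Classify each reference file as identical, modified or missing in the
    installed tree, and list installed files the reference does not contain."""
    report = {"identical": [], "modified": [], "missing": [], "extra": []}
    ref_files = {p.relative_to(reference) for p in reference.rglob(pattern) if p.is_file()}
    for rel in sorted(ref_files):
        target = installed / rel
        if not target.is_file():
            report["missing"].append(rel.as_posix())    # e.g. removed by a real-time scanner
        elif digest(target) == digest(reference / rel):
            report["identical"].append(rel.as_posix())
        else:
            report["modified"].append(rel.as_posix())   # differs from the reference: inspect it
    for path in sorted(installed.rglob(pattern)):
        rel = path.relative_to(installed)
        if path.is_file() and rel not in ref_files:
            report["extra"].append(rel.as_posix())      # file the release does not ship
    return report


def demo() -> dict:
    """Compare two constructed trees; file contents are stand-ins, not real jQuery UI code."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, inst = Path(tmp, "reference", "js"), Path(tmp, "installed", "js")
        ref.mkdir(parents=True)
        inst.mkdir(parents=True)
        for name in ("ui.core.js", "ui.tabs.js", "ui.other.js"):
            (ref / name).write_bytes(f"/* stand-in {name} */\nvar x = 1;\n".encode())
        (inst / "ui.core.js").write_bytes(b"/* stand-in ui.core.js */\r\nvar x = 1;\r\n")
        (inst / "ui.other.js").write_bytes(b"/* stand-in ui.other.js */\nvar x = 2;\n")
        (inst / "added.js").write_bytes(b"/* not in the reference */\n")
        return compare_trees(inst.parent, ref.parent)


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status:9} {names}")
```

A file reported as identical matches the reference byte for byte apart from line endings, so a detection on it points at the signature rather than the file; anything under modified or extra is worth reading before it is excluded from scanning.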

  8. ruslany
    Posted 7 years ago #

    My antivirus signature got updated again after one day and now it does not report this exploit. I guess it was a false positive.

  9. heisted
    Posted 7 years ago #

    Same here, after figuring out a workaround last night, the signature file for my CA eTrust AV was updated again this AM and the [apparent] false positive is no longer an issue.

  10. wpsquadster
    Posted 6 years ago #

    Forget about the antivirus WP plugin, it's bad. Wait until there's a proper one.

Topic Closed

This topic has been closed to new replies.
