JS/MS06-014!exploit detected in ui.core.js

  • I have upgraded my antivirus and it started detecting an exploit when the WordPress 2.7 Dashboard UI is loaded in IE7. The antivirus reports the following:

    The JS/MS06-014!exploit was detected in C:\USERS\RUSLAN\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\I3WM9LC7\UI.CORE[1].JS.
    Machine: RUSLAN, User: Ruslan\Ruslan.
    File Status: Infected

    Also IE reports two page loading errors:

    Line: 2
    Char: 246
    Error: ‘ui.mouse’ is null or not an object

    Line: 51
    Char: 4
    Error: Object doesn’t support this property or method

    Is this a known issue? Is there really an exploit in the js files or WordPress 2.7?

Viewing 9 replies - 1 through 9 (of 9 total)
  • You aren’t alone, this also is happening to me — just today!

    Yes, this happened to me today as well after signatures on my antivirus got updated. It worked fine before.

    Is there any known workaround/fix for this?

    Moderator Samuel Wood (Otto) (@otto42), WordPress.org Admin

    Probably a false positive. Some antivirus products are way too overprotective.

    I just checked, and ui.core is identical to the one provided by jquery. No threat there.

    We had a similar problem before with some antivirus products and jquery, as I recall. False alarm there too, the vendor updated their signatures within a day or two.

    Got the same when I visited my own blog and just wasted almost 3 hours running various antivirus/malware scans to get rid of the ‘problem’.
    I’m using CA (aka Vet) Antivirus.

    I just got this from CA Security Suite. The problem is that the real-time virus protection -deleted- the file ui.core.js

    Do I simply replace that file and I’m good to go again? And if I replace it, I wonder how to have CA ignore it, since it was a real-time event.

    I was able to go into CS Anti-Virus and under Options for the Real-Time Scanner, I excluded ui.core.js.

    As soon as I extracted the zip of WordPress 2.7, CS identified and immediately deleted another file, ui.tabs.js

    This is troubling.

    My antivirus signature got updated again after one day and now it does not report this exploit. I guess it was a false positive.

    Same here, after figuring out a workaround last night, the signature file for my CA eTrust AV was updated again this AM and the [apparent] false positive is no longer an issue.

    Forget about the antivirus WP plugin, it’s bad. Wait until there’s a proper one.
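
The check the moderator describes (comparing ui.core.js with the upstream copy) and the question about files deleted by the real-time scanner can both be answered by hashing the installed scripts against a freshly extracted copy of the same release. This is an added example, not part of the original thread or WordPress code; the `js/` layout, the `constructed-*` file names and all file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """SHA-256 of a file's bytes (script files are small enough to read whole)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def compare_to_reference(installed: Path, reference: Path, pattern: str = "*.js") -> dict:
    """Classify each reference file matching `pattern` as identical, modified
    or missing in the installed tree, and flag files the reference lacks."""
    report = {}
    for ref_file in sorted(reference.rglob(pattern)):
        rel = ref_file.relative_to(reference).as_posix()
        target = installed / rel
        if not target.is_file():
            report[rel] = "missing"      # e.g. removed by a real-time scanner
        elif sha256_of(target) == sha256_of(ref_file):
            report[rel] = "identical"    # byte-for-byte the reference file
        else:
            report[rel] = "modified"     # review before trusting or restoring
    for inst_file in sorted(installed.rglob(pattern)):
        rel = inst_file.relative_to(installed).as_posix()
        report.setdefault(rel, "unexpected")  # not shipped in the reference
    return report


def demo() -> dict:
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, inst = Path(tmp, "reference"), Path(tmp, "installed")
        for root in (ref, inst):
            (root / "js").mkdir(parents=True)
        # Constructed contents, not real jQuery UI code.
        (ref / "js/ui.core.js").write_text("/* core */")
        (ref / "js/ui.tabs.js").write_text("/* tabs */")
        (ref / "js/constructed-modified.js").write_text("/* original */")
        (inst / "js/ui.core.js").write_text("/* core */")
        (inst / "js/constructed-modified.js").write_text("/* original */ extra()")
        (inst / "js/constructed-extra.js").write_text("/* unknown */")
        return compare_to_reference(inst, ref)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:10} {name}")
```

A file reported as "missing" can be restored from the reference copy; "modified" and "unexpected" entries are the ones that warrant a closer look before an antivirus alert is dismissed as a false positive.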

  • The topic ‘JS/MS06-014!exploit detected in ui.core.js’ is closed to new replies.