The vulnerability is not in OpenX itself, but in an included component of Open Flash Chart 2. The vulnerability has been known for a long time but has not been patched to date. It's effects to OpenX and instructions for fixing and cleaning up after the issue are explained at kreativrauschen.com blog.
In our case the advertisement server simply broke down and delivered no advertisements at all. Access to the server caused Chrome to throw an "Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown error" error while Firefox displayed "Content Encoding Error: The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression."
The server has now been re-installed, the vulnerability fixed and all traces of tampering removed. We apologize for any inconvenience.
-Jari Ketola
CTO, AfterDawn.com
Written by: Jari Ketola @ 12 Sep 2010 6:40