Author Topic: Adobe flash player 0day exploit  (Read 5619 times)
nebu10uz
« on: May 27, 2008, 11:40:48 PM »

Ouch! There's a 0day for Adobe Flash Player, latest version and older. Currently there's no patch. Attackers are exploiting this in the wild. I can say this for a fact since, for the past week or so, I've been monitoring a server hosted in China as part of an ongoing investigation in my company. The malicious site updates its malicious code almost daily, and today I noticed that they included what appears to be the new exploit for the Adobe Flash Player.

For example:

hxxp://www.woai###.cn/4562.swf

There also seems to be a massive SQL injection attack inserting malicious code that automatically redirects users without their consent to this malicious file or other similar SWF files.

So, my friends, be careful out there in cyberspace and don't visit untrusted websites. Update your anti-virus software and, if possible, I would suggest setting a killbit for the Flash Player or adding a rule to your perimeter devices to block SWF files until there is an official patch. Also, NoScript is your best friend.

Additional info concerning this issue:

http://isc.sans.org/diary.html?storyid=4465
http://isc.sans.org/diary.html?storyid=4468
http://www.securityfocus.com/bid/29386/info
http://news.cnet.com/8301-10789_3-9952547-57.html?tag=nefd.top
« Last Edit: May 27, 2008, 11:42:28 PM by blackazarro »

Security+, OSCP, CEH
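
The post's suggestion to block SWF files at the perimeter, as an added example that is not part of the original post: a Python sketch of the check a filter could apply to each HTTP response, matching on the SWF magic bytes as well as on the URL extension and Content-Type. The function names and the sample responses are constructed for illustration.

```python
import struct

# SWF signature -> body compression (first three bytes of every SWF file)
SWF_SIGNATURES = {b"FWS": "none", b"CWS": "zlib", b"ZWS": "lzma"}
FLASH_MIME = "application/x-shockwave-flash"


def sniff_swf(body: bytes):
    """Return SWF header fields if body starts with an SWF header, else None."""
    if len(body) < 8 or body[:3] not in SWF_SIGNATURES:
        return None
    version = body[3]
    (declared_len,) = struct.unpack_from("<I", body, 4)  # little-endian file length
    # Reject degenerate headers (version 0 or a length shorter than the header).
    if version == 0 or declared_len < 8:
        return None
    return {"compression": SWF_SIGNATURES[body[:3]], "version": version,
            "declared_len": declared_len}


def block_reasons(url: str, content_type: str, body: bytes):
    """List every reason a response looks like Flash; an empty list means allow."""
    reasons = []
    path = url.split("#", 1)[0].split("?", 1)[0].lower()
    if path.endswith(".swf"):
        reasons.append("extension")
    if content_type.split(";", 1)[0].strip().lower() == FLASH_MIME:
        reasons.append("content-type")
    if sniff_swf(body) is not None:
        reasons.append("magic-bytes")
    return reasons


# Constructed sample responses (not captured traffic): (url, Content-Type, body prefix)
SAMPLES = [
    ("http://example.test/movie.swf", FLASH_MIME,
     b"FWS\x09" + struct.pack("<I", 1024) + b"\x00" * 16),
    ("http://example.test/banner.jpg?id=7", "image/jpeg",
     b"CWS\x09" + struct.pack("<I", 2048) + b"\x78\x9c"),
    ("http://example.test/index.html", "text/html; charset=utf-8",
     b"<html><body>FWS is not at offset 0 here</body></html>"),
]

if __name__ == "__main__":
    for url, ctype, body in SAMPLES:
        reasons = block_reasons(url, ctype, body)
        print("BLOCK" if reasons else "allow", url, reasons)
```

The second sample is the case an extension-only rule would pass: the URL and Content-Type claim a JPEG, but the body begins with a compressed SWF header.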
nebu10uz
« Reply #1 on: May 27, 2008, 11:52:05 PM »


Response from Adobe:

Quote
Just a quick note to say we are aware of today’s report of a potential exploit involving Flash Player in the wild. We are working with Symantec to investigate the potential SWF vulnerability, and will have an update once we get more information.


http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html

Security+, OSCP, CEH
oneeyedcarmen
« Reply #2 on: May 28, 2008, 09:32:20 AM »

Quote
An unpatched bug in Adobe Systems' Flash Player software is being exploited by online criminals, Symantec reported Monday.

http://news.yahoo.com/s/pcworld/20080527/tc_pcworld/146343;_ylt=AoDpvH6PMVqX3dAPiZCtTFAjtBAF

Reluctant CISSP, Certified ASS
nebu10uz
« Reply #3 on: May 28, 2008, 09:37:19 PM »

Quote
On closer examination, this does not appear to be a "0-day exploit"

For complete details, refer to SANS at the following link:

Followup to Flash/swf stories

Update from Adobe:

Quote
The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere

Full story:

Potential Flash Player issue - update

Security+, OSCP, CEH
don
« Reply #4 on: May 29, 2008, 01:22:13 PM »

Nice update post on PC Mag by Larry Seltzer:

http://blogs.pcmag.com/securitywatch/2008/05/flash_vulnerability_update.php

Don

CISSP, MCSE, CSTA, Security+ SME