Ethical Hacker Community Forums
Author Topic: Adobe flash player 0day exploit  (Read 1658 times)
blackazarro
« on: May 27, 2008, 11:40:48 PM »

Ouch! There's a 0day for the latest version of Adobe Flash Player and older. Currently there's no patch. Attackers are exploiting this in the wild. I can say this for a fact since, for the past week or so, I've been monitoring a server hosted in China as part of an ongoing investigation in my company. The malicious site updates its malicious code almost daily, and today I noticed that they included what appears to be the new exploit for Adobe Flash Player.

For example:

hxxp://www.woai###.cn/4562.swf

There also seems to be a massive SQL injection attack inserting malicious code that automatically redirects users without their consent to this malicious file or other similar SWF files.

So, my friends, be careful out there in cyberspace and don't visit untrusted websites. Update your anti-virus software and, if possible, I would suggest setting a killbit for the Flash Player or adding a rule to your perimeter devices to block SWF files until there is an official patch. Also, NoScript is your best friend.

Additional info concerning this issue:

http://isc.sans.org/diary.html?storyid=4465
http://isc.sans.org/diary.html?storyid=4468
http://www.securityfocus.com/bid/29386/info
http://news.cnet.com/8301-10789_3-9952547-57.html?tag=nefd.top
« Last Edit: May 27, 2008, 11:42:28 PM by blackazarro »

Security+, OSCP, CEH
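
The post above suggests a perimeter rule to block SWF files; a rule keyed only on the .swf extension misses Flash content served under another name or MIME type. As an added example (not part of the original thread and not any product's rule syntax), this Python check combines extension, MIME type and the SWF header signature. The function names, the example.test URLs and the sample bytes are constructed for illustration.

```python
import struct
import zlib
from urllib.parse import urlsplit

# First three bytes of every SWF file: FWS = uncompressed, CWS = zlib body,
# ZWS = LZMA body (a later addition to the format than this thread).
SWF_SIGNATURES = {b"FWS": "none", b"CWS": "zlib", b"ZWS": "lzma"}
FLASH_MIME = "application/x-shockwave-flash"


def parse_swf_header(body: bytes):
    """Return the 8-byte SWF header fields, or None if body is not SWF."""
    if len(body) < 8 or body[:3] not in SWF_SIGNATURES:
        return None
    # Byte 3 is the SWF version, bytes 4-7 the little-endian total length.
    version, declared = struct.unpack("<BI", body[3:8])
    return {"compression": SWF_SIGNATURES[body[:3]],
            "version": version, "declared_length": declared}


def block_reason(url: str, content_type: str, body: bytes):
    """Return why a response should be blocked, or None to let it through."""
    # Extension check: ignore the query string and letter case.
    if urlsplit(url).path.lower().endswith(".swf"):
        return "extension"
    # MIME check: drop parameters such as "; charset=...".
    if content_type.split(";")[0].strip().lower() == FLASH_MIME:
        return "mime"
    # Content check: catches SWF served under another name and type.
    if parse_swf_header(body) is not None:
        return "content"
    return None


def make_sample_swf(compressed: bool) -> bytes:
    """Constructed test input: a valid header over filler, not a real movie."""
    filler = b"\x00" * 16
    length = struct.pack("<I", 8 + len(filler))
    if compressed:
        return b"CWS\x09" + length + zlib.compress(filler)
    return b"FWS\x09" + length + filler


if __name__ == "__main__":
    # Constructed responses; example.test hosts are placeholders.
    print(block_reason("http://cdn.example.test/banner.jpg", "image/jpeg",
                       make_sample_swf(True)))
    print(block_reason("http://cdn.example.test/index.html", "text/html",
                       b"<html></html>"))
```

Only the first eight bytes of the body are needed for the content check, so it can run on the start of a response without buffering the whole file.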
blackazarro
« Reply #1 on: May 27, 2008, 11:52:05 PM »


Response from Adobe:

Quote
Just a quick note to say we are aware of today’s report of a potential exploit involving Flash Player in the wild. We are working with Symantec to investigate the potential SWF vulnerability, and will have an update once we get more information.


http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html

Security+, OSCP, CEH
oneeyedcarmen
« Reply #2 on: May 28, 2008, 09:32:20 AM »

Quote
An unpatched bug in Adobe Systems' Flash Player software is being exploited by online criminals, Symantec reported Monday.

http://news.yahoo.com/s/pcworld/20080527/tc_pcworld/146343;_ylt=AoDpvH6PMVqX3dAPiZCtTFAjtBAF

MCP, Security+, Associate (ISC)2
blackazarro
« Reply #3 on: May 28, 2008, 09:37:19 PM »

Quote
On closer examination, this does not appear to be a "0-day exploit"

For complete details, refer to SANS at the following link:

Followup to Flash/swf stories

Update from Adobe:

Quote
The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere

Full story:

Potential Flash Player issue - update

Security+, OSCP, CEH
don
« Reply #4 on: May 29, 2008, 01:22:13 PM »

Nice update post on PC Mag by Larry Seltzer:

http://blogs.pcmag.com/securitywatch/2008/05/flash_vulnerability_update.php

Don

CISSP, MCSE, CEH, Security+ SME