.

Adobe flash player 0day exploit

<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Tue May 27, 2008 11:40 pm

Adobe flash player 0day exploit

Ouch!, There's an 0day for Adobe flash player latest version and older. Currently there's no patch. Attackers are exploiting this in the wild. I can say this for a fact since for the past week or so, I've been monitoring a server hosted in China as part of an ongoing investigation in my company. The malicious site updates their malicious code almost daily and today I've noticed that they included what appears to be the new exploit for the Adobe flash player.

For example:

hxxp://www.woai###.cn/4562.swf

There's also seems to be a massive sql injection attack inserting malicious code that automatically redirect users without their consent to this malicious file or other similar swf files.

So my friends be careful out there in cyberspace and don't visit untrusted websites. Update your anti-virus software and if possible I would suggest setting a killbit for the flash player or adding a rule to your perimeter devices to block swf files until there is an official patch. Also NoScript is your best friend.

Additional info concerning this issue:

http://isc.sans.org/diary.html?storyid=4465
http://isc.sans.org/diary.html?storyid=4468
http://www.securityfocus.com/bid/29386/info
http://news.cnet.com/8301-10789_3-99525 ... g=nefd.top
Last edited by blackazarro on Tue May 27, 2008 11:42 pm, edited 1 time in total.
Security+, OSCP, CEH
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Tue May 27, 2008 11:52 pm

Re: Adobe flash player 0day exploit

Response from Adobe:

Just a quick note to say we are aware of today’s report of a potential exploit involving Flash Player in the wild. We are working with Symantec to investigate the potential SWF vulnerability, and will have an update once we get more information.



http://blogs.adobe.com/psirt/2008/05/po ... issue.html
Security+, OSCP, CEH
<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Wed May 28, 2008 9:32 am

Re: Adobe flash player 0day exploit

An unpatched bug in Adobe Systems' Flash Player software is being exploited by online criminals, Symantec reported Monday.


http://news.yahoo.com/s/pcworld/20080527/tc_pcworld/146343;_ylt=AoDpvH6PMVqX3dAPiZCtTFAjtBAF
Reluctant CISSP, Certified ASS
<<

blackazarro

User avatar

Sr. Member
Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Wed May 28, 2008 9:37 pm

Re: Adobe flash player 0day exploit

On closer examination, this does not appear to be a "0-day exploit"


For complete details refer to Sans in the following link:

Followup to Flash/swf stories

Update from Adobe:

The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere


Full story:

Potential Flash Player issue - update
Security+, OSCP, CEH
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu May 29, 2008 1:22 pm

Re: Adobe flash player 0day exploit

Nice update post on PC Mag by Larry Seltzer:

http://blogs.pcmag.com/securitywatch/20 ... update.php

Don
CISSP, MCSE, CSTA, Security+ SME

Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software