new exploit in the wild targeting a 0-day vulnerability in Adobe Flash Player

Back to Giveaway of the Day

Giveaway of the Day Forums » Software Talks

new exploit in the wild targeting a 0-day vulnerability in Adobe Flash Player

(3 posts) (1 voice)

Started 13 years ago by Anonymous
Latest reply from Anonymous

Anonymous
Unregistered

http://blogs.technet.com/b/srd/archive/2011/03/16/blocking-exploit-attempts-of-the-recent-flash-0-day.aspx?wa=wsignin1.0

We’ve recently become aware of a new exploit in the wild targeting a 0-day vulnerability in Adobe Flash Player. This exploit differs from the typical Flash Player attacks we’ve seen where a victim is lured into browsing to a website hosting malicious Flash content. Instead, these attacks involve a malicious Flash .swf file that is embedded into a Microsoft Excel document.
First, customers using Microsoft Office 2010 are not susceptible to the current attacks. The current attacks do not bypass the Data Execution Prevention security mitigation (DEP).
To be protected by EMET, there are a few steps you need to follow. You first need to download the tool, install it, and then finally configure it to protect an application. It’s a good idea to configure EMET to protect not just Excel,*

http://www.giveawayoftheday.com/forums/topic/8853 (info on EMET)

http://blogs.technet.com/b/mmpc/archive/2011/03/17/a-technical-analysis-on-the-cve-2011-0609-adobe-flash-player-vulnerability.aspx

https://secunia.com/

Successful exploitation allows execution of arbitrary code. Secunia Advisory SA43751

The vulnerability is confirmed in Flash Player version 10.2.152.33 for Windows and reported in versions 10.2.152.33 and prior for Windows, Macintosh, Linux, and Solaris, versions 10.2.154.18 and prior for Chrome, and versions 10.1.106.16 and prior for Android, and Adobe AIR for Windows, Macintosh, and Linux prior to version 2.6.

NOTE: The vulnerability is reportedly being actively exploited.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0609

http://www.computersecurityarticles.info/antivirus/f-secure/attack-using-cve-2011-0609/

Attackers have been taking advantage of the situation in Japan to trick their targets into opening malicious files. These cases have used infected Excel attachments with Flash exploits.

Here’s a screenshot of one such e-mail, provided by Contagio.

http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html

We just posted Security Advisory APSA11-01 announcing a critical vulnerability (CVE-2011-0609) in Adobe Flash Player, which also impacts the authplay.dll component shipping with Adobe Reader and Acrobat for Windows and Macintosh.

http://xforce.iss.net/xforce/xfdb/66078 (Platforms Affected:Have a look.)

http://blog.fireeye.com/research/2011/03/who-is-exploiting-the-flash-0-day-cve-2011-0609.html

A detailed investigation of the code and functionality inside the malware payload 'a.exe' (1e09970c9bf2ca08ee48f8b2e24f6c44) shows that this is zero day malware. As of Mar 15, 2011 none of the AV on VirusTotal were able to detect it.

Posted 13 years ago #
Anonymous
Unregistered

http://www.zdnet.com/blog/security/adobe-warns-of-new-flash-player-zero-day-attack/8524?tag=nl.e539

AFFECTED SOFTWARE VERSIONS

Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 10.2.154.25 and earlier for Chrome users
Adobe Flash Player 10.2.156.12 and earlier for Android
The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

http://www.theinquirer.net/inquirer/news/2043584/adobe-issues-emergency-fix-flash-player-flaw

Adobe issues an emergency fix for Flash Player flaw
But Microsoft should stop embedding Flash in Office files
By Asavin Wattanajantra, Thu Apr 14 2011

SOFTWARE DEVELOPER Adobe will release a Flash Player update tomorrow, moving very quickly to plug a zero-day vulnerability found earlier in the week.

The fix will be made available for Flash Player on Windows, Mac OS X, Linux and Solaris. Hackers are already launching attacks by using Flash (.swf) files embedded in Microsoft Word (.doc) files sent as email attachments.

There is also a vulnerability in the Windows Authplay.dll component shipped with Adobe Reader and Acrobat, but fixes for this software will appear at later dates for Windows and Mac OS X.

http://www.computing.co.uk/ctg/news/2043196/adobe-warns-flash-vulnerability

http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html

Posted 13 years ago #
Anonymous
Unregistered

http://blogs.adobe.com/psirt/2011/05/security-updates-available-for-flash-player-robohelp-audition-and-flash-media-server.html

Security update available for Flash Player (Critical Severity)

http://www.h-online.com/security/news/item/Getting-a-grip-on-Flash-cookies-Adobe-publishes-Flash-10-3-1242645.html

Adobe has published version 10.3 of its Flash Player for all platforms. This version finally gives users control of their Flash cookies, but only if one of the currently supported web browsers is used: Firefox 4, Chrome 11, Internet Explorer 8 (or higher) and, soon, Safari. The new ClearSiteData API allows the browser to take care of Flash cookies (LSOs – Local Shared Objects), which it can manage as though they were normal cookies. Up until this release, users had to visit the Settings Manager on Adobe's website to handle the stubborn Flash cookies.
The update closes 11 security holes, most of which are critical memory flaws that allow attackers to inject malicious code.

new update date 15:May:2011

Posted 13 years ago #

RSS feed for this topic

Reply

You must log in to post.