Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

ALERT: Adobe Flash Player SWF File Unspecified Remote Code Execution Vulnerability

May 28th 2008 in Uncategorized

Affected versions are 9.0.124.0 and 9.0.115.0.


The best analysis that I’ve seen so far is at SecurityFocus:
http://www.securityfocus.com/bid/29386/info


The frightening thing about this alert is that the vulnerability is being actively exploited. Tens of thousands of web sites have been compromised (Symantec/SecurityFocus think that this is happening via SQL injection), and those compromised sites are being used to redirect victims to other sites that host malicious Flash files.


At time of writing there is no workaround, patch or official advisory. If you’re using Firefox, install a copy of NoScript for its script and Flash blocking abilities. If you are using Internet Explorer, get yourself a copy of IE7Pro, which includes an ad blocker and a Flash blocker (note: be careful with the maximum connections per server setting – I have seen that setting break some web sites, especially banking sites).


Or, simply uninstall Flash.


 


2 comments to...
“ALERT: Adobe Flash Player SWF File Unspecified Remote Code Execution Vulnerability”

Bob Clark

Any idea if the new beta version (10.0.1.218 IE) of Adobe Flash Player is vulnerable to this also?



Name Game

It appears to be retracted and current versions of Flash are not vulnerable.

http://www.dslreports.com/forum/r20549819-Attack-code-targets-new-Adobe-Flash-vuln


A new style Dot Tunes advertisement:
The adopstools results are here: http://www.adopstools.net/index.asp?page=quicklink&id=r60Siyiw02bZgpaa
When the SWF is displayed on a system it hits the following URLs:
traveltray.com/crossdomain.xml
and
traveltray.com/stats.php?u={{removed}}&campaign=ofdidactic
The cross domain policy is “allow-access-from domain="*"” – in other words, there are no domain restrictions. This document will help you understand the implications of such an open cross domain policy: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html
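
As an added example (not code from the original post), the following Python audit reads a Flash cross-domain policy and flags the unrestricted grant described above, along with two related weak settings. The sample policy documents, the function name and the severity labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not fetched from any site).
OPEN_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""

RESTRICTED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="static.example.com" />
  <allow-access-from domain="*.example.com" secure="false" />
</cross-domain-policy>"""


def audit_crossdomain(xml_text):
    """Return a list of (severity, message) findings for a cross-domain policy."""
    # Refuse inline entity declarations so a hostile file cannot trigger
    # entity expansion in the parser; a policy file has no need for them.
    if "<!ENTITY" in xml_text:
        raise ValueError("entity declarations are not expected in a policy file")
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy document")

    findings = []
    for rule in root.iter("allow-access-from"):
        domain = (rule.get("domain") or "").strip()
        if domain == "*":
            # The case from the post: no domain restriction at all.
            findings.append(("high", "any domain may read responses from this host"))
        elif domain.startswith("*."):
            findings.append(("medium", f"every subdomain of {domain[2:]} is trusted"))
        # secure="false" lets content loaded over HTTP read data served over HTTPS.
        if (rule.get("secure") or "true").lower() == "false":
            findings.append(("medium", f'secure="false" on {domain}'))
    return findings


if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, audit_crossdomain(policy))
```
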
     

Previous Entry

Screenshots (had to smile at the appearance of the word “malware”): I’m also seeing a steady stream of ringtone: and American Singles malvertizements:

Next Entry