Adobe Flash zero-day exploit in the wild

[ See important update to this story here ]

May 27th, 2008




Malware hunters have spotted a previously unknown — and unpatched — Adobe Flash vulnerability being exploited in the wild.

The zero-day flaw has been added to the Chinese version of the MPack
exploit kit and there are signs that the exploits are being injected
into third-party sites to redirect targets to malware-laden servers.

Technical details on the vulnerability are not yet available. Adobe’s product security incident response team is investigating.

This SecurityFocus advisory warns:

Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the
context of the affected application. Failed exploit attempts will
likely result in denial-of-service conditions.


Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected.


I’ve independently verified that redirection scripts have been
posted on at least two Chinese-language Web sites to launch drive-by
downloads of malware. When the exploit fires, it checks the Flash
version on the vulnerable computer and, depending on the result, it
uses a different .SWF (shockwave) file to take complete control of the
machine.


This threat should be considered very serious because of the
widespread distribution that Adobe Flash enjoys in the Windows
ecosystem. If this exploit gets seeded on high-traffic Web sites, we
could be in for a long clean-up operation.


More from the SANS ISC diary.


[ UPDATE: Continued investigation reveals this issue is fairly widespread.
Malicious code is being injected into other third-party domains
(approximately 20,000 web pages) most likely through SQL-injection
attacks. The code then redirects users to sites hosting malicious Flash
files exploiting this issue.]

[Source: ZDNet]
