May 27th, 2008

Adobe Flash zero-day exploit in the wild

Posted by Ryan Naraine @ 11:19 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Rootkits, Vulnerability research, Zero-day attacks

Tags: Adobe Systems Inc., Vulnerability, Zero-day Bug, Spyware, Adware & Malware, Cyberthreats, Security, Ryan Naraine

[ See important update to this story here ]

Malware hunters have spotted a previously unknown — and unpatched — Adobe Flash vulnerability being exploited in the wild.

The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers.

Technical details on the vulnerability are not yet available.  Adobe’s product security incident response team is investigating.

This SecurityFocus advisory warns:

Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected.

I’ve independently verified that redirection scripts have been posted on at least two Chinese-language Web sites to launch drive-by downloads of malware.   When the exploit fires, it checks the Flash version on the vulnerable computer and, depending on the result, it uses a different .SWF (shockwave) file to take complete control of the machine.

This threat should be considered very serious because of the widespread distribution that Adobe Flash enjoys on the Windows ecosystem.  If this exploit gets seeded on high-traffic Web sites, we could be in for a long clean-up operation.

More from the SANS ISC diary.

[ UPDATE: Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.]
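
For site owners checking whether their own pages carry the kind of injected redirect described in the update, here is an added example (not from the original post or from any advisory). It parses a page's HTML and reports script, iframe and Flash references that load from hosts outside an allowlist; the host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that makes a browser fetch or run remote content.
LOADERS = {"script": "src", "iframe": "src", "embed": "src",
           "object": "data", "param": "value"}

class RemoteLoadFinder(HTMLParser):
    """Collect (tag, url) pairs for elements that pull in active content."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.loads = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(LOADERS.get(tag))
        if url:
            self.loads.append((tag, url.strip()))

def audit_page(html, site_host, allowed_hosts=()):
    """Return (kind, host, url) for active content loaded from untrusted hosts."""
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    finder = RemoteLoadFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for tag, url in finder.loads:
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:  # malformed URL: report it rather than skip it
            findings.append(("malformed-url", "", url))
            continue
        if not host or host in trusted:  # relative URL, plain value, or trusted
            continue
        kind = "offsite-flash" if parts.path.lower().endswith(".swf") else "offsite-" + tag
        findings.append((kind, host, url))
    return findings

# Constructed sample: a page whose database-backed cell had markup appended.
SAMPLE = """<html><body>
<script src="/js/menu.js"></script>
<script src="http://cdn.partner.example/lib.js"></script>
<td>Blue widget<script src="http://injected.example/m.js"></script></td>
<object><param name="movie" value="//injected.example/a.swf">
<param name="quality" value="high"></object>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE, "shop.example", ["cdn.partner.example"]):
        print(finding)
```

Run it over rendered pages or over the text columns of the site's database; any finding that is not a known partner host is a candidate for cleanup and for tracing the injection point.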

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.



