
Flash and Shockwave Forum

    
Flash Player Exploit discovered - initial confusion begins to clear
jcoronella




msg:3661138
 6:01 pm on May 28, 2008 (gmt 0)

"Adobe Flash contains a vulnerability that may allow an attacker to run code on a vulnerable system. There are reports that this vulnerability is being actively exploited."

[kb.cert.org...]

CERT on how to secure your browser:
[us-cert.gov...]

 

coopster




msg:3661202
 7:20 pm on May 28, 2008 (gmt 0)

SecurityFocus has some reference links that are worth reading, particularly

[securityfocus.com...]

The current malware attack has been traced back to Chinese blackhats, who are using a zero day to infect users with password stealers, moreover, one of the domains serving the Adobe zero day has been sharing the same IP with four of the malware domains in the recent waves of massive SQL injection attacks, indicating this incident and the previous ones are connected.

swa66




msg:3661373
 10:29 pm on May 28, 2008 (gmt 0)

There's no zero day. Somebody at Symantec jumped the gun.

Still, it's a problem for those whose Flash players are not up to date, as the exploits are being used out there.

Take a look at the SANS Internet Storm Center for an overview of the current standing:
[isc.sans.org...]

coopster




msg:3661380
 10:39 pm on May 28, 2008 (gmt 0)

>> There's no zero day.

According to Adobe [blogs.adobe.com], you are correct:

This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere; customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit.

tedster




msg:3661383
 10:44 pm on May 28, 2008 (gmt 0)

Thanks for that update, swa66.

from SANS [isc.sans.org]:
On closer examination, this does not appear to be a "0-day exploit". Symantec has updated their threatcon info, as well. We have yet to see one of these that succeeds against the current version (9.0.124.0)

From Symantec [symantec.com]:
Adobe has released an official statement noting that Flash Player versions 9.0.124.0 aren't affected by these attacks...Users are advised to ensure that Flash is updated to version 9.0.124.0

From Adobe [blogs.adobe.com]:
This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere; customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit.

pageoneresults




msg:3661395
 11:11 pm on May 28, 2008 (gmt 0)

I visited the us-cert.gov link to read their instructions for securing my browser. Just for kicks, I followed their instructions to the "t". I feel sorry for anyone browsing in that mode at all times. Just the few sites I visited were totally unusable with the Government's recommended settings. I'm still undoing them one by one as they crop up but for the most part, if you were to surf under their guidelines, there really is no need to surf. The waves are gone...

And, anything in Flash, totally invisible.

vincevincevince




msg:3661470
 1:01 am on May 29, 2008 (gmt 0)

Somewhat worrying. According to US_CERT it seems to affect all OS. I guess that's the weakness of a cross-platform system!

coopster




msg:3661762
 12:20 pm on May 29, 2008 (gmt 0)

>> I feel sorry for anyone browsing in that mode at all times.

Don't feel sorry for me!
I have been surfing this way for a long, long time now. Except for using NoScript, I started using that add-on in January of this year.

Cookies usually get the ESC key (Deny), except for those sites I want to allow. As far as JS and Flash, well we do a lot of Flash development too, so it actually helps to have these extensions loaded and operational for internal quality assurance before the code gets implemented. Viewing the page as a person that has JS and/or Flash disabled has proven priceless in some instances.

But back to the general web browsing experience ... I can surf much faster to locate the information I want to see without having to filter the non-applicable trash, ads, etc. Riding the waves, dude :)

mikedee




msg:3661776
 12:37 pm on May 29, 2008 (gmt 0)

>> Somewhat worrying. According to US_CERT it seems to affect all OS. I guess that's the weakness of a cross-platform system!

Only the Flash exploit affects all OS's, the payload is Windows only at the moment. Personally I can't wait for a full cross platform exploit.

According to the article it is dropping this malware:

MemScan:Win32.Worm.Otwycal.T; a variant of Win32/AutoRun.NAD

Trojan.PWS.OnLineGames.WOM; Win32/TrojanDropper.Agent.NKK

I assume all of those password stealers need Admin privileges so Vista users are safe as long as they disallow the UAC prompt, XP users are toast. Linux and Mac users would have to enter their root password.

My distro has had version 9.0.124 for a while now, so unfortunately I am unable to participate in this cross platform experiment at the moment ;)

webdoctor




msg:3664872
 2:41 pm on Jun 2, 2008 (gmt 0)

>> Vista users are safe as long as they disallow the UAC prompt, XP users are toast...

Surely XP users running without Admin privileges are just as safe as Vista users?

FYI: Most corporate boxes running XP I've come across are set up to run without admin privileges...
