Adobe Flash Player flaw previously patched, Symantec says

By SearchSecurity.com Staff 29 May 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Attackers that set up thousands of malware laden Web pages to exploit an Adobe Flash Player flaw were targeting a previous version of the media player, according to researchers investigating the issue.

Thanks to Symantec for working very closely with us over the last two days to confirm that this is not a zero day issue, and to Mark Dowd and wushi for originally reporting this issue. David Leno Product Security Incident Response Team, Adobe

Security researchers issued a clarification about the flaw and lowered their warning after discovering that the flaw being targeted was patched by Adobe. The vulnerability is an Adobe Flash Player multimedia file remote buffer overflow vulnerability, according to Symantec which issued a clarification Wednesday. Symantec also lowered its ThreatCon rating, reducing its security posture to level 1, the lowest basic network posture.

The attacks affect Adobe Flash Player 9.0.115.0 and earlier, not the latest version 9.0.124.0, Symantec said.

Adobe issued a statement Wednesday via its Product Security Incident Response Team encouraging users to upgrade the media player to the latest version. Customers using multiple browsers should perform a check for each browser installed on their system and update if necessary, the Adobe security team said.

"Thanks to Symantec for working very closely with us over the last two days to confirm that this is not a zero-day issue, and to Mark Dowd and wushi for originally reporting this issue," said Adobe's David Leno in the Product Security Incident Response Team blog.

In April, Adobe issued an update to correct input validation errors when handling a Shockwave Flash (SWF) file that could lead to the potential execution of arbitrary code. The update introduced functionality to stop attackers from executing a DNS rebinding attack.

Resarchers from Symantec, McAfee and other vendors have been tracking a number of attacks which involved two Chinese sites known to be hosting exploits. Attackers are injecting malicious code into the sites using SQL-injection vulnerabilities to target a flaw in previous versions of the Adobe medial player. More than 200,000 Web pages are serving up a script redirecting users to malicious sites.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) PCI management: The case for Web application firewalls Month of Twitter Bugs project to document Twitter flaws Adobe issues first quarterly patch release fixing 13 flaws Balancing security and performance: Protecting layer 7 on the network Adobe issues Reader update fixing zero-day flaw The Pipe Dream of No More Free Bugs Security Squad: Federal cybersecurity defenses Oracle issues 43 updates, fixes serious database flaws Attackers target new Microsoft PowerPoint zero-day flaw How to detect input validation errors and vulnerabilities Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Emerging Information Security Threats Antispyware buying guide for Indian enterprises ATM malware lets attackers take over machines FTC shutters rogue ISP for hosting malicious content, botnets The failing war against cybercriminals White House cybersecurity czar faces major hurdles Cybercrime and threat management The Pipe Dream of No More Free Bugs Face-off: Who should be in charge of cybersecurity? Federal efforts to secure cyberinfrastrucure Adobe working on patch to correct new zero-day flaw

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary