Adobe Flash Player flaw previously patched, Symantec says

By SearchSecurity.com Staff 29 May 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Attackers that set up thousands of malware laden Web pages to exploit an Adobe Flash Player flaw were targeting a previous version of the media player, according to researchers investigating the issue.

Thanks to Symantec for working very closely with us over the last two days to confirm that this is not a zero day issue, and to Mark Dowd and wushi for originally reporting this issue. David Leno Product Security Incident Response Team, Adobe

Security researchers issued a clarification about the flaw and lowered their warning after discovering that the flaw being targeted was patched by Adobe. The vulnerability is an Adobe Flash Player multimedia file remote buffer overflow vulnerability, according to Symantec which issued a clarification Wednesday. Symantec also lowered its ThreatCon rating, reducing its security posture to level 1, the lowest basic network posture.

The attacks affect Adobe Flash Player 9.0.115.0 and earlier, not the latest version 9.0.124.0, Symantec said.

Adobe issued a statement Wednesday via its Product Security Incident Response Team encouraging users to upgrade the media player to the latest version. Customers using multiple browsers should perform a check for each browser installed on their system and update if necessary, the Adobe security team said.

"Thanks to Symantec for working very closely with us over the last two days to confirm that this is not a zero-day issue, and to Mark Dowd and wushi for originally reporting this issue," said Adobe's David Leno in the Product Security Incident Response Team blog.

In April, Adobe issued an update to correct input validation errors when handling a Shockwave Flash (SWF) file that could lead to the potential execution of arbitrary code. The update introduced functionality to stop attackers from executing a DNS rebinding attack.

Resarchers from Symantec, McAfee and other vendors have been tracking a number of attacks which involved two Chinese sites known to be hosting exploits. Attackers are injecting malicious code into the sites using SQL-injection vulnerabilities to target a flaw in previous versions of the Adobe medial player. More than 200,000 Web pages are serving up a script redirecting users to malicious sites.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  Emerging Information Security Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) Quiz: How to build secure applications Black box and white box testing: Which is best? Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Emerging Information Security Threats Best practices for (small) botnets Cybersecurity grant to fund research into critical infrastructure threats RSA security conference 2010: news, interviews and updates Hackers to sharpen malware, malicious software in 2010 Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training Marcus Ranum on cyberwarfare, infosec careers US-CERT warns of BlackBerry snooping software Researchers find thousands of flawed embedded devices

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary