Yesterday, Adobe issued Security Advisory APSA11-02. The advisory states that:
“A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.”
And… this new vulnerability is currently being exploited in the wild:
“There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform.”
Flash files embedded in Office?
This attack vector prompted the following question from Brian Krebs: Does anyone know of a reliable way to disable the rendering of Flash objects in MS Office files across the board?
Our thought is why disable what you can easily uninstall?
Office renders an embedded .swf through the Shockwave Flash ActiveX control, which is the same Flash Player build Internet Explorer uses. We don’t generally use Internet Explorer, so we don’t need the ActiveX (IE) version of Flash Player installed at all. For Flash on the Web, use a designated browser other than IE; it loads its own plugin build of Flash Player. Do you really need Flash enabled for Office?
This is the prompt Microsoft Office shows when opening a document, spreadsheet or presentation containing embedded Flash content with no ActiveX version of Flash Player installed:

The “Non-IE” versions of Flash Player are of course still vulnerable to exploit, but it’s harder to imagine a successful targeted attack (via e-mail) against them, which is probably why the current attacks are using Office.
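As an added example (this is not code from the F-Secure post or from Adobe), here is a PowerShell check for the state the post is arguing for: is the ActiveX build of Flash Player, the one Office loads for an embedded .swf, still registered on this Windows machine, and if so, does its file version fall inside the range APSA11-02 lists as affected (10.2.153.1 and earlier)? It assumes the Shockwave Flash control is registered under its usual CLSID {D27CDB6E-AE6D-11cf-96B8-444553540000} and that the OCX file is wherever the InprocServer32 registration points; the function name and the output fields are this example’s own.

```powershell
# Added example, not part of the original post. Reports whether the ActiveX
# (IE/Office) build of Flash Player is registered and whether its version is
# within the APSA11-02 affected range.
#
# Assumptions: the Shockwave Flash ActiveX control uses CLSID
# {D27CDB6E-AE6D-11cf-96B8-444553540000}; the OCX path is the default value of
# that CLSID's InprocServer32 key. Function name and output shape are ours.

function Test-FlashActiveX {
    param(
        # Newest version APSA11-02 lists as affected for Windows/Mac/Linux/Solaris.
        [version]$MaxAffected = [version]'10.2.153.1'
    )

    $clsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}'

    # On 64-bit Windows the 32-bit control (the one 32-bit Office loads) is
    # registered under Wow6432Node; check both registry views.
    $keys = @(
        "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
        "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32"
    )

    $results = foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }

        # The default value of InprocServer32 is the path of the COM server (Flash*.ocx).
        $ocx = (Get-ItemProperty -Path $key).'(default)'
        $ocx = [Environment]::ExpandEnvironmentVariables($ocx)

        if (-not (Test-Path -Path $ocx)) {
            # Registration left behind after the file was deleted. Office will
            # still try to instantiate the control; treat this as not clean.
            New-Object PSObject -Property @{
                RegistryKey = $key; File = $ocx; Version = $null
                State = 'Stale registration (OCX file missing)'
            }
            continue
        }

        # Flash stamps its file version as "10,2,153,1"; build a System.Version
        # from the numeric parts instead of parsing the comma-separated string.
        $vi  = (Get-Item -Path $ocx).VersionInfo
        $ver = New-Object -TypeName System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart

        $state = if ($ver -le $MaxAffected) {
            "Installed and AFFECTED per APSA11-02 (<= $MaxAffected)"
        } else {
            "Installed, newer than the APSA11-02 affected range"
        }

        New-Object PSObject -Property @{
            RegistryKey = $key; File = $ocx; Version = $ver; State = $state
        }
    }

    if (-not $results) {
        # No CLSID registration in either view: Office has nothing to load, so an
        # embedded .swf produces the "cannot load" prompt shown above.
        New-Object PSObject -Property @{
            RegistryKey = $null; File = $null; Version = $null
            State = 'ActiveX Flash Player not registered'
        }
    } else {
        $results
    }
}

Test-FlashActiveX | Format-List RegistryKey, File, Version, State
```

Run it before and after removing the ActiveX player with Adobe’s stand-alone uninstaller; “not registered” in both registry views is the state in which Office shows the prompt above. The check deliberately says nothing about the Firefox/NPAPI plugin or the copy bundled with Chrome: those are separate files with their own version numbers (the advisory lists 10.2.154.25 and earlier for Chrome), and they remain vulnerable regardless of what is done to the ActiveX control.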
Incidentally, it looks as if the next version of Flash Player (10.3) will include a control panel applet:

Looks promising.
On 12/04/11 At 03:27 PM
Posted on 13 April 2011. Tags: ActiveX, Exploit, Exposure, flash, limit, Uninstall, Version
The above information is reprinted from and copyrighted © by F-Secure.