Attacks/Breaches
4/12/2011
11:45 AM
50%
50%

Adobe Flash Attacks Exploit Zero-Day Vulnerability

No patch is yet available against threat targeting government workers that uses malicious Flash inserted into Microsoft Word documents.

How Firesheep Can Hijack Web Sessions
(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions
Adobe on Monday released a security advisory warning that Adobe Flash Player, Adobe Reader, and Adobe Acrobat are susceptible to a zero-day vulnerability that's being actively exploited.

"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform," said Adobe. "At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat."

A successful exploit would allow the attacker to crash or take over the targeted system.

Vulnerable software includes Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems; Flash Player 10.2.154.25 and earlier for Chrome users; and Adobe Flash Player 10.2.156.12 and earlier for Android. In addition, the Authplay.dll component--included with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh--is also vulnerable.

But Adobe said that protected mode in Adobe Reader X would prevent this type of exploit from being able to execute. In addition, these products aren't affected: Reader 9.x for Unix, Reader for Android, and 8.x versions of Reader and Acrobat.

Attackers are exploiting the vulnerability via spear-phishing campaigns against U.S. government workers and contractors, according to security reporter Brian Krebs.

No patch is available yet for Flash, Reader, or Acrobat, though Adobe said it is "in the process of finalizing a schedule for delivering updates." Since Adobe Reader X would block the attack, Adobe said it won't get patched until the next regularly scheduled quarterly security update, planned for June 14.

The new vulnerability announcement comes three weeks after Adobe released an emergency patch to safeguard its products against similar exploits. As that suggests, when it comes to vulnerabilities, attackers have largely shifted their focus from operating systems and browsers to browser plug-ins--and especially Flash.

But businesses are having a difficult time coping with the non-stop "patch or perish" cycle that results from the seemingly endless stream of new vulnerabilities. According to the forthcoming May 2011 InformationWeek Analytics Strategic Security Survey of business technology and security professionals, from 2010 to 2011 the number of organizations that rated their patch management processes "very effective" dropped from 27% to 22%.

Furthermore, according to VirusTotal, a service that analyzes antivirus software effectiveness, as of Saturday, only one out of 42 antivirus products was detecting as malicious a file--"Disentangling Industrial Policy and Competition Policy.doc"--being used in the attack. By Tuesday, however, 15% of the 42 antivirus software applications were detecting it.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7896
Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283
Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683
Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0656
Published: 2015-03-03
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.

CVE-2015-0890
Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.