Flash player exploit in the wild - follow up...
FYI...
- http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080527
May 27, 2008 - 11:16 PM - "...important that you make sure you have updated your Adobe Flash Player to the latest version* (9.0.124.0 at the time of this writing)... it seems that several websites are now taking advantage of a flaw in the Adobe Flash Player previously covered by CVE-2007-0071**. It appears that Symantec started noticing this activity being exploited in the wild and initially labeled it a 0-day threat as they thought it affected 9.0.124.0. However, they have since posted an update*** potentially changing this view. Both Symantec and the Internet Storm Center have posted information surrounding the vulnerability and some of the websites that are actively exploiting it. It would appear this is in fact fully patched with the latest version and is the same vulnerability described by CVE-2007-0071. We decided to look into this a bit more and see what other websites are out there exploited this vulnerability and what they attempted to install. It did not take us long to find several other websites beyond those already mentioned. It would appear that this exploit has been pretty widely known within the Chinese community for the past two days or so... Did we mention that you should UPGRADE YOUR FLASH PLAYER (if you haven't already)? It's always a good idea to keep your software up-to-date, but it should surely be a priority to do so now..."
* http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
** http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0071
Last revised: 4/25/2008 - "...Adobe Flash Player 9.0.115.0 and earlier..."
*** http://www.symantec.com/security_response/threatcon/index.jsp
- http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html
May 28, 2008 11:09AM - "...This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit. We’re still looking in to the exploit files, and will update everyone with further information as we get it, but for now, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0*..."
* http://www.adobe.com/go/getflashplayer
---------------
Retired: Adobe Flash Player SWF File Remote Code Execution Vulnerability
- http://www.securityfocus.com/bid/29386/discuss
Updated: May 28 2008 07:53PM - "...Further research indicates that this vulnerability is the same issue described in BID 28695** (Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability), so this BID is being retired."
** http://www.securityfocus.com/bid/28695/solution
"...The vendor released Flash Player 9.0.124.0 to address this issue..."
FYI...
- http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080527
May 27, 2008 - 11:16 PM - "...important that you make sure you have updated your Adobe Flash Player to the latest version* (9.0.124.0 at the time of this writing)... it seems that several websites are now taking advantage of a flaw in the Adobe Flash Player previously covered by CVE-2007-0071**. It appears that Symantec started noticing this activity being exploited in the wild and initially labeled it a 0-day threat as they thought it affected 9.0.124.0. However, they have since posted an update*** potentially changing this view. Both Symantec and the Internet Storm Center have posted information surrounding the vulnerability and some of the websites that are actively exploiting it. It would appear this is in fact fully patched with the latest version and is the same vulnerability described by CVE-2007-0071. We decided to look into this a bit more and see what other websites are out there exploited this vulnerability and what they attempted to install. It did not take us long to find several other websites beyond those already mentioned. It would appear that this exploit has been pretty widely known within the Chinese community for the past two days or so... Did we mention that you should UPGRADE YOUR FLASH PLAYER (if you haven't already)? It's always a good idea to keep your software up-to-date, but it should surely be a priority to do so now..."
* http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
** http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0071
Last revised: 4/25/2008 - "...Adobe Flash Player 9.0.115.0 and earlier..."
*** http://www.symantec.com/security_response/threatcon/index.jsp
- http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html
May 28, 2008 11:09AM - "...This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit. We’re still looking in to the exploit files, and will update everyone with further information as we get it, but for now, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0*..."
* http://www.adobe.com/go/getflashplayer
---------------
Retired: Adobe Flash Player SWF File Remote Code Execution Vulnerability
- http://www.securityfocus.com/bid/29386/discuss
Updated: May 28 2008 07:53PM - "...Further research indicates that this vulnerability is the same issue described in BID 28695** (Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability), so this BID is being retired."
** http://www.securityfocus.com/bid/28695/solution
"...The vendor released Flash Player 9.0.124.0 to address this issue..."
Last edited: