A vulnerability has been reported in Adobe Flash Player versions 9.0.124.0 and older; 9.0.124.0 is the current version available for download. Adobe has released neither a patch nor an official advisory. Stay tuned for further developments. [1]
Symantec have now seen this exploit in the wild:
The ThreatCon is currently at Level 2: Elevated.
The DeepSight ThreatCon is currently at Level 2 in response to the discovery of in-the-wild exploitation of a vulnerability affecting Adobe Flash Player. The flaw occurs when processing a malicious SWF file. Originally this issue was believed to be unpatched and unknown, but further technical analysis has revealed that it is the previously reported Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability (BID 28695), discovered by Mark Dowd of IBM. Adobe has released an official statement noting that Flash Player versions 9.0.124.0 aren’t affected by these attacks and confirming that the SWF files are in fact leveraging this flaw. We are continuing to investigate our findings as well, because we seem to be observing crashing on some 9.0.124.0 versions. — 2007-May-29 Symantec [2]
The vulnerability is disputed by Adobe PSIRT:
The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit. — Adobe PSIRT [5]
MITIGATION:
Update to a non-vulnerable version of the Flash Player:
* Upgrade to Flash Player 9.0.124.0 (?)
If you have a vulnerable version of the Flash Player:
* Avoid browsing to untrustworthy sites.
* Consider disabling or uninstalling Flash until patches are available.
* Deploy script-blocking mechanisms, such as NoScript for Firefox, to prevent SWFs from loading on all but explicitly trusted sites.
* Temporarily set the kill bit until patch availability is confirmed.
CLSID d27cdb6e-ae6d-11cf-96b8-444553540000
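The kill bit in the last item is the 0x400 bit of the "Compatibility Flags" DWORD under Internet Explorer's ActiveX Compatibility key for that CLSID. The PowerShell below is an added example, not part of the original post or any vendor guidance: it sets, verifies and clears that bit in both registry views, assuming an elevated 64-bit PowerShell 3.0 or later session; the function names are hypothetical.

```powershell
# Added example: set, verify or clear the IE ActiveX kill bit for the Flash Player control.
$Clsid   = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'   # CLSID given on the page
$KillBit = 0x00000400                                  # kill-bit value in "Compatibility Flags"

# Native view plus the 32-bit view on 64-bit Windows (32-bit IE reads the latter).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Hypothetical helper: current flags for a key, 0 if the value does not exist.
function Get-CompatFlags([string]$Key) {
    $p = Get-ItemProperty -Path $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.'Compatibility Flags'
}

function Set-FlashKillBit([switch]$Clear) {
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }      # view absent (e.g. 32-bit OS)
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) {
            if ($Clear) { continue }                  # nothing to clear
            New-Item -Path $key -Force | Out-Null
        }
        $flags = Get-CompatFlags $key
        # Touch only the kill bit so any other compatibility flags survive.
        if ($Clear) { $new = $flags -band (-bnot $KillBit) } else { $new = $flags -bor $KillBit }
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

function Test-FlashKillBit {
    foreach ($root in $Roots) {
        if (-not (Test-Path $root)) { continue }
        $key = Join-Path $root $Clsid
        $set = (Test-Path $key) -and ((Get-CompatFlags $key) -band $KillBit)
        [pscustomobject]@{ Key = $key; KillBitSet = [bool]$set }
    }
}

Set-FlashKillBit          # use -Clear once a patched player is confirmed installed
Test-FlashKillBit | Format-Table -AutoSize
```

The kill bit only stops Internet Explorer from instantiating the ActiveX control; browsers that load Flash as a plug-in are unaffected and still need the other mitigations listed above.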
[1] Adobe flash player vuln (2008-May-27) [SANS]
[2] ThreatCon (2008-May-29) [Symantec]
[3] Retired: Adobe Flash Player SWF File Remote Code Execution Vulnerability (2008-May-27) [SecurityFocus]
[4] Potential Flash Player issue (2008-May-27) [Adobe PSIRT]
[5] Potential Flash Player issue – update (2008-May-28) [Adobe PSIRT]
[6] Followup to Flash/swf stories (2008-May-28) [SANS]
[7] Malicious swf files? (2008-May-27) [SANS]
[8] Adobe Flash Player Unspecified Vulnerability (2008-May-28) [Secunia]