Computer Security Research - McAfee Avert Labs Blog

Flash Player Exploit Update 2

Wednesday May 28, 2008 at 9:55 am CST
Posted by Craig Schmugar

Last night our researchers identified similarities between the recent Adobe Flash exploits and a known (patched) vulnerability: CVE-2007-0071. At first, this appeared to close the case, but there was a report of a patched version of Flash falling victim to one of these attacks, and we’ve seen an SWF file referencing a missing file named WIN 9,0,124,0i.swf, which also suggests that the latest version of Flash is the target of that file.

The exploits that we have captured from the field do not appear to exploit the latest version of Flash. We continue to hunt for missing 9,0,124 exploits and will post an update should one be discovered. In the meantime, it’s best to update to the latest player, if you haven’t yet done so.

This entry was posted on Wednesday, May 28th, 2008 at 9:55 am and is filed under Exploit Research, Malware Research, Vulnerability Research, Web and Internet Safety, Zero-Day. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

8 Responses to “Flash Player Exploit Update 2”

Gefahr aus dem Internet - Teneriffa Forum & Community - WWW.TENERIFFA-FORUM.NET Says:
May 29th, 2008 at 5:47 am
[…] Flash Player Exploit Update 2, Bericht von McAfee Quelle […]
Adobe Flash Player Flaw - Massive Exploitation reported - Harry Waldron - Microsoft MVP Blog Says:
May 29th, 2008 at 8:53 am
[…] variants emerging - AVERT researching claims that currently patched systems may be vulnerable?http://www.avertlabs.com/research/blog/index.php/2008/05/28/flash-player-exploit-update-2/ QUOTE: At first, this appeared to close the case, but there was a report of a patched version […]
sun88990 Says:
May 30th, 2008 at 4:54 am
I found lots of malware about the variant.
Please analysis them as soon as possible.Thanks a lot.
Adobe Flash - How to disable and enable in IE 7 or IE 8 - Harry Waldron - My IT Forums Blog Says:
May 30th, 2008 at 12:46 pm
[…] attacks can be stopped by moving to the latest version of Flash (9.0.124). However AVERT and other AV vendors still investigating whether new exploits are being crafted that could possibly infect up-to-date […]
Adobe Flash - How to disable and enable in IE 7 or IE 8 - Harry Waldron - Microsoft MVP Blog Says:
May 30th, 2008 at 12:47 pm
[…] attacks can be stopped by moving to the latest version of Flash (9.0.124). However AVERT and other AV vendors still investigating whether new exploits are being crafted that could possibly infect up-to-date […]
Prepare for Corporate Layoffs » Blog Archive » Adobe Flash Player Flaw - Massive Exploitation reported Says:
May 30th, 2008 at 4:18 pm
[…] New variants emerging - AVERT researching claims that currently patched systems may be vulnerable?http://www.avertlabs.com/research/blog/index.php/2008/05/28/flash-player-exploit-update-2/ […]
Prepare for Corporate Layoffs » Blog Archive » Adobe Flash - How to disable and enable in IE 7 or IE 8 Says:
May 30th, 2008 at 4:35 pm
[…] attacks can be stopped by moving to the latest version of Flash (9.0.124). However AVERT and other AV vendors still investigating whether new exploits are being crafted that could possibly infect up-to-date […]
Steve Says:
June 2nd, 2008 at 4:21 am
If you try a faked flash version say 9,0,125 will a request for:
WIN 9,0,125,0i.swf be made? Maybe it is just the coding of the site?

Flash Player Exploit Update 2

8 Responses to “Flash Player Exploit Update 2”

Leave a Reply

Archives

Categories