
Adobe Flash/Acrobat/Reader exploits-in-the-wild...


50 replies to this topic

#16 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 08 September 2010 - 09:56 AM

FYI...

- http://www.adobe.com.../apsa10-02.html
September 13, 2010 - "... A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild...."
- http://isc.sans.edu/...ml?storyid=9523
Last Updated: 2010-09-08 18:03:06 UTC
- http://web.nvd.nist....d=CVE-2010-2883
Last revised: 09/10/2010 - "... exploited in the wild in September 2010..."
CVSS v2 Base Score: 9.3

Adobe Reader/Acrobat vuln... unpatched
- http://secunia.com/advisories/41340/
Release Date: 2010-09-08
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
...vulnerability is confirmed in versions 8.2.4 and 9.3.4. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
Solution: Do not open untrusted files.
Provided and/or discovered by: Reported as a 0-day....

- http://www.virustota...da2b-1283972909
File name: Golf Clinic.pdf
Submission date: 2010-09-08 19:08:29 (UTC)
Result: 11/43 (25.6%)

(Better)...
- http://www.virustota...da2b-1284031469
File name: Golf Clinic.pdf
Submission date: 2010-09-09 11:24:29 (UTC)
Result: 21/43 (48.8%)

:ph34r: <_<

Edited by AplusWebMaster, 14 September 2010 - 04:14 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#17 AplusWebMaster


Posted 14 September 2010 - 04:16 AM

FYI...

0-day Flash vuln "exploit in the wild"...
- http://www.adobe.com.../apsa10-03.html
September 13, 2010 - "... A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android operating systems. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884*) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.
We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010.
We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010..."
- http://isc.sans.edu/...ml?storyid=9544
Last Updated: 2010-09-14 00:40:35 UTC

* http://web.nvd.nist....d=CVE-2010-2884

- http://secunia.com/advisories/41434/
Release Date: 2010-09-14
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...

- http://securitytrack...ep/1024432.html
Sep 14 2010

:ph34r:

Edited by AplusWebMaster, 15 September 2010 - 12:40 PM.



#18 AplusWebMaster


Posted 19 September 2010 - 06:43 AM

FYI...

Adobe Reader/Acrobat v9.4 update released
- http://forums.whatth...=...st&p=687013
October 5, 2010
___

Flash Player v10.1.85.3 released
- http://forums.whatth...=...st&p=683874
Sep. 20, 2010
___
Flash update 2010.09.20 ...
- http://www.adobe.com.../apsa10-03.html
Last updated: September 17, 2010 - "... We now expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems on Monday September 20, 2010. A fix is now available for Google Chrome users. Chrome users can update to Chrome 6.0.472.62. To verify your current Chrome version number and update if necessary, follow the instructions here: http://googlechromer...updates_17.html (September 17, 2010). We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010..."
- http://web.nvd.nist....d=CVE-2010-2884
Last revised: 09/18/2010 - "... as exploited in the wild in September 2010..."
CVSS v2 Base Score: 9.3 (HIGH)
- http://xforce.iss.ne...orce/xfdb/61771
September 18, 2010 - High Risk

** http://www.google.co...mp;answer=95414
"...You can tell if updates are available if the wrench icon on the browser toolbar has a little orange dot: update notification. To apply the update, just close and restart the browser..."

:ph34r:

Edited by AplusWebMaster, 05 October 2010 - 06:46 PM.



#19 AplusWebMaster


Posted 22 October 2010 - 07:58 AM

FYI...

Shockwave v11.5.9.615 released
- http://forums.whatth...=...st&p=691284
___

Shockwave Player vuln - unpatched
- http://secunia.com/advisories/41932/
Release Date: 2010-10-22
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
The vulnerability is confirmed in version 11.5.8.612...
Solution: Do not visit untrusted websites*...
Original Advisory: Adobe:
http://www.adobe.com.../apsa10-04.html
Last updated: October 27, 2010 - "... As of October 27, Adobe is aware of reports of this vulnerability being exploited in the wild... We are in the process of finalizing a fix for the issue and expect to provide an update for Shockwave Player on October 28, 2010..."
http://blogs.adobe.c...-apsa10-04.html
"... vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system..."
- http://web.nvd.nist....d=CVE-2010-3653
Last revised: 10/27/2010
CVSS v2 Base Score: 9.3 (HIGH)

* -and/or- UNINSTALL Shockwave Player. You can live without it.

:ph34r: :ph34r:

Edited by AplusWebMaster, 28 October 2010 - 01:33 PM.



#20 AplusWebMaster


Posted 28 October 2010 - 11:01 AM

FYI...

Adobe Flash... 0-day... unpatched
* http://www.adobe.com.../apsa10-05.html
Release date: October 28, 2010
CVE number: CVE-2010-3654
"A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player. We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux, and Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010..."

- http://secunia.com/advisories/41917/
Last Update: 2010-10-29
Criticality level: Extremely critical
NOTE: The vulnerability is currently being actively exploited...
... Adobe plans to release a fixed version on November 9, 2010.
... Reported as a 0-day.
Original Advisory: Adobe APSA10-05*

Adobe Reader/Acrobat ...
- http://secunia.com/advisories/42030/
...Adobe plans to release a fixed version on November 15, 2010.
Original Advisory: Adobe APSA10-05*

Chrome ...
- http://secunia.com/advisories/42031/

- http://www.theregist..._critical_vuln/
28 October 2010
- http://www.virustota...772a-1288229160
File name: nsunday.exe
Submission date: 2010-10-28
Result: 15/42 (35.7%)
There is a more up-to-date report (27/43) for this file...
- http://www.virustota...772a-1288324712
File name: 9F0CEFE847174185030A1F027B3813EC
Submission date: 2010-10-29
Result: 27/43 (62.8%)
___

- http://isc.sans.edu/...ml?storyid=9835
Last Updated: 2010-10-28 21:51:01 UTC - "... mitigation measures recommended by adobe:
Adobe Reader and Acrobat 9.x - Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
Adobe Reader 9.x - Macintosh
1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.
Acrobat Pro 9.x - Macintosh
1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.
Adobe Reader 9.x - UNIX
1) Go to installation location of Reader (typically a folder named Adobe).
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris).
3) Remove the library named "libauthplay.so.0.0.0."
More information at
- http://contagiodump....layer-zero.html ..."
___

- http://www.kb.cert.org/vuls/id/298081
2010-10-28 - "... consider the following workarounds: Disable Flash..."

ThreatCon... Elevated.
- http://www.symantec....eatconlearn.jsp
Oct. 29, 2010 - "... Adobe Flash Player, Adobe Reader, and Acrobat... vulnerability... being actively exploited in the wild..."

- http://web.nvd.nist....d=CVE-2010-3654
Last revised: 10/29/2010

:ph34r: :ph34r: :ph34r:

Edited by AplusWebMaster, 29 October 2010 - 01:31 PM.

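Added example for the advisories quoted in the posts above (APSA10-02, APSA10-03, APSA10-05) and the ISC authplay.dll workaround. This is not code from the forum, ISC, or Adobe; it is what a practitioner would have scripted at the time. The AFFECTED table is transcribed from the "X and earlier" wording the advisories use, the version check compares numerically (the Flash numbers on this page are a trap for string comparison: "10.1.85.3" sorts after "10.1.102.64" as text but is the older build), and the rename workaround runs against a constructed temporary install tree rather than a real Reader install.

```python
"""Version-range check against the quoted advisories plus the authplay.dll
rename workaround (added example; not the forum's, ISC's or Adobe's code)."""
import os
import tempfile

# (floor, ceiling) per product, transcribed from the advisories quoted above.
# floor None means "and earlier versions" with no lower bound; "9.4 and earlier
# 9.x" becomes ("9", "9.4").  APSA10-03 names only Reader 9.3.4 itself.
AFFECTED = {
    "CVE-2010-2883": {"Reader": (None, "9.3.4"), "Acrobat": (None, "9.3.4")},
    "CVE-2010-2884": {"Flash": (None, "10.1.82.76"),
                      "Reader": ("9.3.4", "9.3.4"), "Acrobat": (None, "9.3.4")},
    "CVE-2010-3654": {"Flash": (None, "10.1.85.3"),
                      "Reader": ("9", "9.4"), "Acrobat": ("9", "9.4")},
}


def parse_version(text):
    """'10.1.85.3' -> (10, 1, 85, 3).  Raises ValueError on junk."""
    return tuple(int(part) for part in text.strip().split("."))


def version_le(a, b):
    """Numeric a <= b on dotted versions, zero-padded so '9.4' equals '9.4.0'."""
    x, y = parse_version(a), parse_version(b)
    n = max(len(x), len(y))
    return x + (0,) * (n - len(x)) <= y + (0,) * (n - len(y))


def affected_cves(product, installed):
    """CVE IDs from AFFECTED whose quoted range covers the installed version."""
    hits = []
    for cve, products in AFFECTED.items():
        if product not in products:
            continue
        floor, ceiling = products[product]
        if floor is not None and not version_le(floor, installed):
            continue
        if version_le(installed, ceiling):
            hits.append(cve)
    return hits


def authplay_present(install_root, name="authplay.dll"):
    """True if the Flash runtime Reader/Acrobat 9.x loads for SWF-in-PDF is on disk."""
    return any(name in files for _root, _dirs, files in os.walk(install_root))


def disable_authplay(install_root, name="authplay.dll"):
    """Rename the library (the ISC/Adobe workaround) so the SWF-in-PDF path
    cannot load; Reader then fails with a non-exploitable error on PDFs that
    carry Flash content, as the ISC excerpt warns.  Returns the new path, or
    None if nothing was found (already removed, or a build that lacks it)."""
    for root, _dirs, files in os.walk(install_root):
        if name in files:
            src = os.path.join(root, name)
            dst = src + ".disabled"
            os.rename(src, dst)
            return dst
    return None


def demo_workaround():
    """Constructed stand-in for the Reader 9.0 install tree (temp dir, fake
    dll bytes); returns (present before, rename happened, present after)."""
    root = tempfile.mkdtemp(prefix="reader9-")
    lib_dir = os.path.join(root, "Adobe", "Reader 9.0", "Reader")
    os.makedirs(lib_dir)
    with open(os.path.join(lib_dir, "authplay.dll"), "wb") as fh:
        fh.write(b"placeholder bytes, not the real library")
    before = authplay_present(root)
    moved = disable_authplay(root) is not None
    after = authplay_present(root)
    return before, moved, after


if __name__ == "__main__":
    for product, version in [("Flash", "10.1.85.3"), ("Flash", "10.1.102.64"),
                             ("Reader", "9.4.0"), ("Reader", "8.2.4")]:
        print(product, version, affected_cves(product, version) or "not in a quoted range")
    print("authplay workaround (before, renamed, after):", demo_workaround())
```

Run it as-is to see which quoted ranges a given build falls in; to audit a real machine, feed it the version string from the installed product's About box or the file version of authplay.dll, and point disable_authplay at the real install directory only after confirming you can live without SWF content in PDFs.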


#21 AplusWebMaster


Posted 02 November 2010 - 08:09 PM

FYI...

Flash v10.1.102.64 released
- http://forums.whatth...=...st&p=692696
Critical
___

- http://isc.sans.edu/...ml?storyid=9892
Last Updated: 2010-11-04 22:27:50 UTC - "... current 'State of Adobe'...
Product Latest Version
PDF Reader - v9.4.0 - vulnerable: http://secunia.com/advisories/42095/
Flash Player - 10.1.102.64
Shockwave Player- 11.5.9.615 - vulnerable: http://secunia.com/advisories/42112/
Acrobat - 9.4.0 - vulnerable: http://web.nvd.nist....d=CVE-2010-3654
Air - 2.5 ..."
- http://isc.sans.edu/tag.html?tag=adobe
___

Flash update now expected 11.4.2010...
- http://www.adobe.com.../apsa10-05.html
Last updated: November 2, 2010 - "... We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux and Solaris by November 4, 2010. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010..."
- http://web.nvd.nist....d=CVE-2010-3654
Last revised: 11/01/2010
CVSS v2 Base Score: 9.3 (HIGH)

:ph34r:

Edited by AplusWebMaster, 05 November 2010 - 07:30 AM.



#22 AplusWebMaster


Posted 08 November 2010 - 06:46 AM

FYI...

More Adobe vulns ...

Adobe Reader vuln
- http://secunia.com/advisories/42095/
Last Update: 2010-11-17
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 9.4.1.

Adobe Shockwave Player vuln - unpatched
- http://secunia.com/advisories/42112/
Last Update: 2010-11-16
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
... The vulnerability is confirmed in version 11.5.9.615. Other versions may also be affected.
Solution: Do not open the "Shockwave Settings" window when viewing Shockwave content..."
- http://www.securityt....com/id?1024682
Nov 4 2010
- http://web.nvd.nist....d=CVE-2010-4092
Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH)

* -and/or- UNINSTALL Shockwave Player. You can live without it.

:ph34r: :ph34r:

Edited by AplusWebMaster, 27 November 2010 - 08:55 AM.



#23 AplusWebMaster


Posted 10 November 2010 - 03:35 PM

Adobe Reader/Acrobat v9.4.1 released
- http://forums.whatth...=...st&p=694961
___

Adobe PDF Reader status:

- http://www.adobe.com.../apsb10-28.html
November 12, 2010 - "... updates for Adobe Reader 9.4... and Adobe Acrobat 9.4... Adobe expects to make updates for Windows and Macintosh available on Tuesday, November 16, 2010. An update for UNIX is expected to be available on Monday, November 30, 2010..."
- http://web.nvd.nist....d=CVE-2010-3654
Original release date: 10/29/2010 - Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH) "... as exploited in the wild in October 2010..."
- http://web.nvd.nist....d=CVE-2010-4091
Original release date: 11/07/2010 - Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH)
- http://secunia.com/advisories/42030/
Release Date: 2010-10-28
- http://secunia.com/advisories/42095/
Last Update: 2010-11-08

- http://contagiodump....-2010-3654.html
November 10, 2010

Alternative:
- http://forums.whatth...=...st&p=696850
FoxIt Reader v4.3.0.1110

:ph34r: :ph34r:

Edited by AplusWebMaster, 08 December 2010 - 09:43 AM.



#24 AplusWebMaster


Posted 14 March 2011 - 03:42 PM

FYI...

Flash 0-day targeted attacks...
- http://isc.sans.edu/...l?storyid=10549
Last Updated: 2011-03-14 20:09:26 UTC - "Adobe posted a security advisory*... These attacks seem to be particularly sneaky – the Flash exploit is embedded in an Excel file which is also used to setup memory so the exploit has a higher chance of succeeding. We will keep an eye on this and if the 0-day starts being used in the wild..."
___

- http://blog.trendmic...-exploit-found/
Mar. 16, 2011
___

* http://www.adobe.com.../apsa11-01.html
March 14, 2011 - "Summary: A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.13 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 10.1.106.16 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Macintosh operating systems. This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment... We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, and an update for Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions during the week of March 21, 2011..."

- http://blogs.adobe.c...h-schedule.html
March 14, 2011 - "... The current attack leverages a malicious Flash (.swf) file inside a Microsoft Excel (.xls) file. The .xls file is used to set up machine memory to take advantage of a crash triggered by the corrupted .swf file. The final step of the attack is to install persistent malware on the victim’s machine..."

- http://secunia.com/advisories/43751/
Release Date: 2011-03-15
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Adobe Flash Player 10.x
... The vulnerability is reportedly being actively exploited.
Solution: Adobe plans to release a fixed version during the week of March 21, 2011...

- http://secunia.com/advisories/43772
___

- http://www.us-cert.g...y_advisory_for6
March 15, 2011

- http://www.kb.cert.org/vuls/id/192052
Last Updated: 2011-03-15

- http://web.nvd.nist....d=CVE-2011-0609
Last revised: 03/15/2011
CVSS v2 Base Score: 9.3 (HIGH)

- http://www.securityt....com/id/1025210
Mar 15 2011
- http://www.securityt....com/id/1025211
Mar 15 2011

:ph34r: <_< :ph34r:

Edited by AplusWebMaster, 17 March 2011 - 11:11 AM.



#25 AplusWebMaster


Posted 21 March 2011 - 09:06 AM

FYI...

Flash/Reader/Acrobat critical updates released
- http://forums.whatth...=...st&p=719682
March 21, 2011
___

Flash 10.2 update - for Androids only...
- http://blogs.adobe.c...le-devices.html
March 18, 2011 - "... To see if your device is certified for Flash Player 10.2, visit:
- http://www.adobe.com...tified_devices/
___

- http://web.nvd.nist....d=CVE-2011-0609
Last revised: 03/15/2011
CVSS v2 Base Score: 9.3 (HIGH)
___

- http://www.adobe.com.../apsb11-02.html
Last updated: March 18, 2011 - "... Adobe recommends users of Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.2.152.26..."

- http://www.adobe.com.../apsa11-01.html
Last updated: March 18, 2011 - "... A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier... We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.x and earlier versions for Windows, Macintosh, Linux, Solaris, and an update for Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions during the week of March 21, 2011..."

.

Edited by AplusWebMaster, 21 March 2011 - 08:00 PM.




#26 AplusWebMaster


Posted 23 March 2011 - 06:33 AM

FYI...

PDF file loaded w/malware used in attack on Spotify...
- http://forums.whatth...=...st&p=720371
"... Blackhole Exploit Kit... One of the vulnerabilities the exploit kit uses is a vulnerability in Adobe Reader/Acrobat. The kit uses a heavily obfuscated PDF file..."
* http://www.virustota...7acf-1301413767
File name: L9FPB1.pdf
Submission date: 2011-03-29 15:49:27 (UTC)
Result: 12/43 (27.9%)
___

Flash exploits in-the-wild - SPAM attachments...
- http://www.f-secure....s/00002127.html
March 23, 2011 - "Attackers have been taking advantage of the situation in Japan to trick their targets into opening malicious files. These cases have used infected Excel attachments with Flash exploits... Another sample we've seen (md5:20ee090487ce1a670c192f9ac18c9d18) is an Excel file containing an embedded Flash object that exploits a known vulnerability (CVE-2011-0609). When the XLS file is opened, it shows an empty Excel spreadsheet and starts exploit code via a Flash object. The Flash object starts by doing a heap-spray... the Flash object constructs and loads a second Flash object in runtime... This second Flash object is the main exploit in this malware and it exploits CVE-2011-0609 to execute the shellcode in the heap... As an aside: the main exploit appears to have been delivered in this fashion in an attempt to evade detection. As it is loaded in memory, no physical file is available for scanning by an antivirus engine. Embedding the Flash object that loads the main exploit in an Excel file may be an attempt to further disguise the attack... users should update their Flash player as Adobe has already released a patch for this particular vulnerability. For more information, please see their security advisory*..."
(Screenshots available at the URL above.)
* http://forums.whatth...=...st&p=719682
Flash Player v10.2.153.1 released


- http://sunbeltblog.b...less-japan.html

- http://web.nvd.nist....d=CVE-2011-0609
Last revised: 03/31/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... as exploited in the wild in March 2011..."

:ph34r: <_< :ph34r:

Edited by AplusWebMaster, 02 April 2011 - 05:36 AM.



#27 AplusWebMaster


Posted 11 April 2011 - 03:37 PM

FYI...

Flash 0-day exploit in-the-wild ...
- http://krebsonsecuri...eing-exploited/
April 11, 2011 3:32 pm - "Attackers are exploiting a previously unknown security flaw in Adobe’s ubiquitous Flash Player software to launch targeted attacks, according to several reliable sources... the attacks exploit a vulnerability in fully-patched versions of Flash, and are being leveraged in targeted spear-phishing campaigns launched against select organizations and individuals that work with or for the U.S. government. Sources say the attacks so far have embedded the Flash exploit inside of Microsoft Word files made to look like important government documents... A scan of one tainted file used in this attack that was submitted to Virustotal.com* indicates that just one out of 42 anti-virus products used to scan malware at the service detected this thing as malicious..."
* http://www.virustota...507f-1302359653
File name: Disentangling Industrial Policy and Competition Policy.doc
Submission date: 2011-04-09 14:34:13 (UTC)
Result: 1/42 (2.4%)
There is a more up-to-date report...
- http://www.virustota...507f-1304526431
File name: Disentangling Industrial Policy and Competition Policy.doc
Submission date: 2011-05-04 16:27:11 (UTC)
Result: 29/41 (70.7%)

Screenshot of malicious e-mail:
- http://regmedia.co.u...icous_email.jpg
___

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
- http://www.adobe.com.../apsa11-02.html
April 11, 2011
CVE number: http://web.nvd.nist....d=CVE-2011-0611
A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system... We are in the process of finalizing a schedule for delivering updates...
Affected software versions:
• Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
• Adobe Flash Player 10.2.154.25 and earlier for Chrome users
• Adobe Flash Player 10.2.156.12 and earlier for Android
• The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems
NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue...

- http://secunia.com/advisories/44119/
Release Date: 2011-04-12
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
... The vulnerability is currently being actively exploited via Office Word documents (.doc) containing malicious Flash content...
Original Advisory: Adobe:
http://blogs.adobe.c...-apsa11-02.html

- http://secunia.com/advisories/44149/
Release Date: 2011-04-12
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
... The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll)...

- http://www.securityt....com/id/1025324
Apr 12 2011
- http://www.securityt....com/id/1025325
Apr 12 2011

:ph34r: <_<

Edited by AplusWebMaster, 07 May 2011 - 05:21 AM.

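Added example for the delivery chain described in the F-Secure excerpt in post #26 (an .xls whose embedded Flash object builds and loads a second SWF at runtime) and the .doc-with-Flash attachments in post #27. This is not code from those vendors or from this forum; it is a small triage scanner a responder could run offline over a mail attachment: find SWF headers anywhere in a file, inflate compressed ones, and look for a stage-two SWF hidden inside. The sample file is constructed here and carries no exploit; the OLE2 magic and SWF header layout are the public formats, everything else is an assumption for the demo.

```python
"""Embedded/nested SWF triage scanner (added example, not vendor or forum code)."""
import re
import struct
import zlib

# A SWF starts with 'FWS' (uncompressed) or 'CWS' (zlib-compressed), a one-byte
# version, then a little-endian uint32 uncompressed file length (header included).
SWF_HEADER = re.compile(rb"(?:FWS|CWS)[\x01-\x7f]")

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls/.doc container


def find_swf_headers(data):
    """All plausible SWF headers in data as (offset, signature, version, length)."""
    hits = []
    for m in SWF_HEADER.finditer(data):
        off = m.start()
        if off + 8 > len(data):
            continue
        length = struct.unpack_from("<I", data, off + 4)[0]
        if length < 8:          # cannot even hold its own header
            continue
        hits.append((off, data[off:off + 3].decode("ascii"), data[off + 3], length))
    return hits


def swf_body(data, off, signature, length):
    """Payload after the 8-byte header; inflated for CWS.  Empty if inflate fails."""
    if signature == "FWS":
        return data[off + 8:off + length]
    try:
        # max_length caps a hostile length field; decompressobj stops at stream end.
        return zlib.decompressobj().decompress(data[off + 8:], length - 8)
    except zlib.error:
        return b""


def scan(data, depth=0, max_depth=3):
    """Recursively report SWFs in data and SWFs nested inside their bodies.
    A depth-1 hit is the 'second Flash object constructed at runtime' pattern."""
    findings = []
    for off, sig, version, length in find_swf_headers(data):
        findings.append({"depth": depth, "offset": off, "sig": sig,
                         "version": version, "length": length})
        if depth < max_depth:
            findings.extend(scan(swf_body(data, off, sig, length), depth + 1, max_depth))
    return findings


def has_nested_swf(data):
    """True when a SWF sits inside another SWF: the loader-plus-stage-two layout."""
    return any(f["depth"] >= 1 for f in scan(data))


def build_sample():
    """Constructed stand-in for the malicious spreadsheet: OLE2 magic, filler,
    a CWS SWF whose inflated body carries an FWS SWF (the stage two)."""
    inner_body = b"\x00" * 16 + b"stage-two placeholder" + b"\x00" * 16
    inner = b"FWS" + bytes([10]) + struct.pack("<I", 8 + len(inner_body)) + inner_body
    outer_body = b"\x00" * 32 + inner + b"\x00" * 32
    outer = (b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(outer_body))
             + zlib.compress(outer_body))
    return OLE2_MAGIC + b"\x00" * 64 + outer + b"\x00" * 64


if __name__ == "__main__":
    sample = build_sample()
    for f in scan(sample):
        print("  " * f["depth"] + f"{f['sig']} v{f['version']} at offset {f['offset']}, "
              f"declared length {f['length']}")
    print("nested SWF (loader + stage two):", has_nested_swf(sample))
```

A plain signature match on "FWS"/"CWS" is what the low VirusTotal hit counts in these posts were missing at first; the inflate-and-recurse step is what separates a benign chart embedded in a spreadsheet from a loader carrying a second SWF it only assembles in memory. Real attachments should still go through proper OLE stream parsing, since an embedded object may be split across sectors and this byte scan would miss the header.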


#28 AplusWebMaster


Posted 14 April 2011 - 03:44 AM

FYI...

Adobe Reader, Acrobat security updates
- http://forums.whatth...=...st&p=726299
April 21, 2011
___

Flash Player v10.2.159.1 released
- http://forums.whatth...=...st&p=725023
___

Flash, Reader, Acrobat critical updates scheduled...
- http://www.adobe.com.../apsa11-02.html
April 13, 2011- "... We... expect to make available an update for Flash... on Friday, April 15, 2011. We expect to make available an update for Adobe Acrobat... and Adobe Reader... no later than the week of April 25, 2011..."

- http://web.nvd.nist....d=CVE-2011-0611
Last revised: 04/13/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... as exploited in the wild in April 2011..."

:ph34r:

Edited by AplusWebMaster, 21 April 2011 - 01:28 PM.



#29 AplusWebMaster


Posted 20 April 2011 - 04:47 AM

FYI...

Drive-by Flash cache attacks...
- http://www.theregist...drive_by_cache/
19 April 2011 - "Miscreants have deployed a subtle variant of the well established drive-by-download attack tactics against the website of human rights organisation Amnesty International. In traditional drive-by-download attacks malicious code is planted on websites. This code redirects surfers to an exploit site, which relies on browser vulnerabilities or other exploits to download and execute malware onto visiting PCs. The attack on the Amnesty website, detected by security firm Armorize*, relied on a different sequence of events. In this case, malicious scripts are used to locate the malware which is already sitting in the browser's cache directory, before executing it. This so-called drive-by cache approach makes attacks harder to detect because no attempt is made to download a file and write it to disk, a suspicious maneuver many security software packages are liable to detect. By bypassing this step dodgy sorts are more likely to slip their wares past security software undetected. The Amnesty International attack ultimately relied on an Adobe Flash zero-day exploit, patched by Adobe** late last week..."
* http://blog.armorize...sed-in-new.html

- http://www.virustota...c227-1303129354
File name: display[1].swf
Submission date: 2011-04-18 12:22:34 (UTC)
Result: 1/40 (2.5%)

** Flash Player v10.2.159.1 released
- http://forums.whatth...=...st&p=725023

:ph34r: <_< :ph34r:

Edited by AplusWebMaster, 20 April 2011 - 06:38 PM.



#30 AplusWebMaster


Posted 13 May 2011 - 12:59 PM

FYI...

> http://forums.whatth...=...st&p=730491
"... update to Adobe Flash Player 10.3.181.14..."
- http://www.securityt....com/id/1025533
May 13 2011 - "... One of the vulnerabilities [CVE-2011-0627*] is being actively exploited on Windows-based systems via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file and delivered via email attachment..."
* http://web.nvd.nist....d=CVE-2011-0627
Last revised: 05/13/2011

:ph34r: :ph34r:

Edited by AplusWebMaster, 13 May 2011 - 07:45 PM.

