
SANS ISC: Adobe Flash 0-day being used in targeted attacks - Internet Security | DShield SANS ISC InfoSec Forums


Adobe Flash 0-day being used in targeted attacks

Adobe posted a security advisory (http://www.adobe.com/support/security/advisories/apsa11-01.html) about a new 0-day vulnerability in Flash Player. According to the post about this vulnerability (available at http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html), Adobe says that they had reports of this new vulnerability being used in targeted attacks. These attacks seem to be particularly sneaky – the Flash exploit is embedded in an Excel file which is also used to set up memory so the exploit has a higher chance of succeeding.

We will keep an eye on this and on whether the 0-day starts being used in the wild. If you have more information that you can share about this, let us know.

--
Bojan
INFIGO IS


Bojan

381 Posts
ISC Handler
Apparently Adobe has decided not to release patches for Reader X until the next quarterly release due to the mitigating security of Protected Mode. We rolled out Adobe Reader X to nearly every machine in our environment recently to take advantage of this, only to learn that it doesn't work on Citrix and doesn't let you access PDFs from DFS shares. Pretty much a deal-breaker for Protected Mode in the enterprise. Now if we want this patch sooner than June 14th we need to roll back to 9.x! What a nightmare, I hope they reverse this decision.
jtwaldo

17 Posts
Upon infection, the malware connects to the following domain: good.mincesur.com 119.70.119.30:80

Other domains that resolve to the same IP:
download.mincesur.com
hjkl.wekby.com
man.mincesur.com
qwer.wekby.com
uiop.wekby.com
jtwaldo
4 Posts
authplay still broken after how many patch sessions?
jtwaldo
57 Posts
