Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Adobe Flash 0-day being used in targeted attacks SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Flash 0-day being used in targeted attacks

Adobe posted a security advisory ( about a new 0-day vulnerability in Flash player. According to the post about this vulnerability (available at, Adobe says that they had reports of this new vulnerability being used in targeted attacks. These attacks seem to be particularly sneaky – the Flash exploit is embedded in an Excel file which is also used to setup memory so the exploit has a higher chance of succeeding.

We will keep an eye on this and if the 0-day starts being used in the wild. If you have more information that you can share about this let us know.


I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Pen Test Hackfest Europe 2021


396 Posts
ISC Handler
Mar 14th 2011
Apparently Adobe has decided not to release patches for Reader X until the next quarterly release due to the mitigating security of Protected Mode. We roled out Adobe Reader X to nearly every machine in our environment recently to take advantage of this only to learn that it doesn't work on Citrix and doesn't let you access PDFs from DFS shares. Pretty much a deal-breaker for Protected mode in the enterprise. Now if we want this patch sooner than June 14th we need to roll back to 9.x! What a nightmare, I hope they reverse this decision.

17 Posts
upon infection, the malware connects to the following domain:

Other domains that resolve to the same IP:
4 Posts
authplay still broken after how many patch sessions?
57 Posts

Sign Up for Free or Log In to start participating in the conversation!