Bing Vulnerability Fixed in a Flash

Monday, March 19, 2012 @ 04:03 PM gHale


There is a critical severity flaw in Bing that has a remotely exploitable Flash component vulnerability that could allow an attacker to implement malicious persistent comments while the user was editing or posting via Flash.

Security researchers Subho Halder, Aditya Gupta and Dev Kar discovered the flaw and reported it to Microsoft February 7; the company responded two days later and by March 14 the software giant patched it.

RELATED STORIES
Patch Tuesday also Exploit Tuesday
Bounty for Patched RDP Exploit
Microsoft Shuts RDP Hole
Mozilla Firefox 11 Ready to Go

If unaddressed, the remotely exploitable Flash component vulnerability may have allowed an attacker to implement malicious persistent comments while the user was editing or posting via Flash.

The vulnerable module was the Comments&Edit – Flash Input/Output when swf files created with Action Script loaded.

With the vulnerability, it is fairly easy for an attacker to remotely exploit the vulnerabilities, without much user interaction required.

Bing’s popularity is on the rise as people use it to perform searches and other tasks.

Vulnerability researchers have been finding weaknesses and helping website administrators and vendors patch products.



Leave a Reply

You must be logged in to post a comment.