Exploit for Patched Flash Bug

Monday, February 17, 2014 @ 10:02 AM gHale

More attacks are exploiting another Flash Player vulnerability on Windows, Linux and OS X. The flaw was patched in November 2013, but attackers are betting that users did not install the fix and are still running a vulnerable version (11.9.900.117 and earlier).

The exploit comes in the form of a SWF file that ended up injected into some usually clean sites, Microsoft researchers said.

But a simple visit to such a site with an outdated version of Flash triggers the vulnerability. A heap spray and shellcode attack then executes, and an encrypted portable executable file drops on the visitor’s computer.

The malicious payload is a Trojan downloader, which currently has a relatively good detection rate. Nevertheless, if a user doesn’t have an AV solution installed, he or she will end up loaded with the malware.

This attack, much like all the others, relies upon users not installing a patch. So the lesson learned is that any user who has not updated the Adobe Flash Player installation after the recent discovery of a critical vulnerability should do so.
