Published in News

Zero day flash hole sparks concern

by on28 May 2008

Image

Chinese whispers

 

A previously unknown Adobe Flash vulnerability is being exploited in the wild through a Chinese version of the MPack exploit kit. The exploits are being injected into third-party sites to redirect targets to servers packed with malware.

According to  SecurityFocus an attacker may exploit this problem to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected. When the exploit fires, it checks the Flash version on the vulnerable computer and, depending on the result, it uses a different .SWF (shockwave) file to take complete control of the machine, Security Focus said.

The threat has been dubbed "very serious."

Last modified on 28 May 2008
Rate this item
(0 votes)