Australia's Leading Computer Emergency Response Team

Vulnerability in Adobe Flash Player being actively exploited
Date: 30 May 2008
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9373


Security highlights from this week include active exploitation of a vulnerability in Adobe Flash Player, facilitated by a mass SQL injection campaign. Critical vulnerabilities were also disclosed in CiscoWorks Common Services, which is used in numerous Cisco products, and in Samba. A large OS X update was also released, catching up on numerous vulnerabilities.

Installations of Adobe Flash Player should be upgraded immediately to version 9.0.124.0. We've included some more information regarding this vulnerability below.

Vulnerability in Adobe Flash Player being actively exploited

This week has seen widespread exploitation of a vulnerability in Adobe Flash Player. There have been differing reports as to which versions are vulnerable, with initial reports from Symantec and other security vendors indicating this was an unpatched 0-day vulnerability. Adobe has updated their information on this vulnerability after analysing samples, indicating that it is in fact patched in their most recent version of Flash Player, 9.0.124.0.

The exploit was spread via mass SQL injection of websites, with special attention paid to online gaming community websites. Members maintaining websites should check that they haven't been compromised and had any code injected into their website, specifically anything with a JavaScript extension (.js) or a direct link to a Flash file (.swf).

We've collated a small, non-exhaustive list of some of the sites hosting the malicious content.

Site administrators can check their proxy logs to see if any of their users have visited any of these sites, but we emphasise that this is not an exhaustive list.

Note: Please do not visit the URLs, as they are hosting dangerous content. The URLs are obfuscated to ensure people don't accidentally visit them.
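An added example, not part of the AusCERT bulletin: one way to run the proxy-log check described above. It assumes the obfuscation this bulletin uses for its URLs (hxxp in place of http, and commas in place of dots in the host name, while commas in the path are literal) and a Squid-style access log. The indicators, hosts and log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed placeholder indicators written in the bulletin's obfuscated style.
INDICATORS = [
    "hxxp://www,malicious-example,invalid/files/v1,2,3.swf",
    "hxxp://cdn,bad-example,invalid/m.js",
]

# Constructed proxy log lines (the Squid-style layout is an assumption).
SAMPLE_LOG = [
    "1212105600.123 210 10.0.0.15 TCP_MISS/200 5120 GET http://www.malicious-example.invalid/files/v1,2,3.swf - DIRECT/192.0.2.10 application/x-shockwave-flash",
    "1212105601.456 95 10.0.0.22 TCP_MISS/200 830 GET http://intranet.example.invalid/index.html - DIRECT/192.0.2.20 text/html",
    "1212105602.789 130 10.0.0.15 TCP_MISS/200 412 GET http://CDN.bad-example.invalid:80/m.js - DIRECT/192.0.2.11 application/x-javascript",
    # A listed host inside a query string is not a visit to that host.
    "1212105603.000 80 10.0.0.30 TCP_MISS/200 900 GET http://news.example.invalid/?ref=http://www.malicious-example.invalid/ - DIRECT/192.0.2.30 text/html",
]


def refang(indicator):
    """Restore an obfuscated indicator: hxxp -> http, ',' -> '.' in the host only."""
    scheme, sep, rest = indicator.strip().partition("://")
    if not sep:
        raise ValueError("indicator has no scheme: %r" % indicator)
    host, slash, path = rest.partition("/")
    # Commas after the first '/' belong to the path and must be kept.
    return scheme.lower().replace("hxxp", "http") + sep + host.replace(",", ".") + slash + path


def find_hits(log_lines, indicators):
    """Return (line_number, host, url) for each logged request to a listed host."""
    bad_hosts = {urlsplit(refang(i)).hostname for i in indicators}
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for url in URL_RE.findall(line):
            try:
                host = urlsplit(url).hostname  # lower-cased, port stripped
            except ValueError:
                continue  # malformed URL in the log; skip it
            if host in bad_hosts:
                hits.append((lineno, host, url))
    return hits


if __name__ == "__main__":
    for lineno, host, url in find_hits(SAMPLE_LOG, INDICATORS):
        print("line %d: request to listed host %s (%s)" % (lineno, host, url))
```

Matching is by host rather than full URL, so a request for any path on a listed host is reported for follow-up.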



Regards,
AusCERT