
Adobe Flash 0-day being used in targeted attacks

Published: 2011-03-14. Last Updated: 2011-03-14 20:09:26 UTC
by Bojan Zdrnja (Version: 1)
3 comment(s)

Adobe posted a security advisory (http://www.adobe.com/support/security/advisories/apsa11-01.html) about a new 0-day vulnerability in Flash Player. According to the post about this vulnerability (available at http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html), Adobe has received reports of this new vulnerability being used in targeted attacks. These attacks seem to be particularly sneaky: the Flash exploit is embedded in an Excel file, which is also used to set up memory so that the exploit has a higher chance of succeeding.

We will keep an eye on this and on whether the 0-day starts being used in the wild. If you have more information that you can share about this, let us know.

--
Bojan
INFIGO IS
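Since the attack described above hides a Flash object inside an Excel file, a quick triage check is to look for SWF headers inside documents that should not contain any. The following is an added example, not code from the diary or from Adobe: it assumes the raw bytes of the file are available and that the Flash object is stored unencoded, and the sample data is constructed and harmless.

```python
import struct
import zlib

# SWF header: 3-byte signature, 1-byte version, 4-byte little-endian length.
SWF_MAGICS = (b"FWS", b"CWS")  # uncompressed / zlib-compressed

def _body_ok(data, pos, magic, length):
    """Second-stage check that weeds out chance matches of the signature."""
    if magic == b"FWS":
        # Declared length covers the whole movie, so it must fit in the file.
        return length <= len(data) - pos
    try:
        # For CWS everything after the 8-byte header is one zlib stream.
        out = zlib.decompressobj().decompress(data[pos + 8:], 64)
    except zlib.error:
        return False
    return len(out) > 0

def find_embedded_swf(data, max_version=50):
    """Return sorted (offset, signature, version, declared_length) tuples."""
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                if (1 <= version <= max_version and length > 8
                        and _body_ok(data, pos, magic, length)):
                    hits.append((pos, magic.decode(), version, length))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

# Constructed sample: OLE2 magic, padding, a harmless zlib-compressed stub with
# a SWF header, then a decoy "FWS" string with an impossible length field.
_STUB_BODY = b"\x00" * 32
_CWS_STUB = b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(_STUB_BODY)) \
    + zlib.compress(_STUB_BODY)
SAMPLE = (bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 56 + _CWS_STUB
          + b"FWS\x0a\xff\xff\xff\x7f" + b"\x00" * 16)

if __name__ == "__main__":
    for offset, sig, version, length in find_embedded_swf(SAMPLE):
        print(f"offset {offset}: {sig} v{version}, declared length {length}")
```

A hit only means the document carries a Flash object and deserves a closer look; it says nothing about whether that object is malicious.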

Keywords: adobe flash

Comments

Apparently Adobe has decided not to release patches for Reader X until the next quarterly release due to the mitigating security of Protected Mode. We rolled out Adobe Reader X to nearly every machine in our environment recently to take advantage of this, only to learn that it doesn't work on Citrix and doesn't let you access PDFs from DFS shares. Pretty much a deal-breaker for Protected Mode in the enterprise. Now if we want this patch sooner than June 14th we need to roll back to 9.x! What a nightmare, I hope they reverse this decision.

Upon infection, the malware connects to the following domain: good.mincesur.com 119.70.119.30:80

Other domains that resolve to the same IP:
download.mincesur.com
hjkl.wekby.com
man.mincesur.com
qwer.wekby.com
uiop.wekby.com

authplay still broken after how many patch sessions?
