0
   

Hackers exploiting flaw in Adobe Flash Player

Forums: Computers
Email this Topic Print this Page
 
 
DrewDad
 
Reply Wed 28 May, 2008 07:53 am
From a security advisory from one of our vendors:

Quote:
Attackers insert SCRIPT and IFRAME tags into the content of trusted, legitimate web sites via a known SQL injection attack. Those tags redirect the user to the attacker's server which hosts the Flash exploit. Tens of thousands of web sites are vulnerable to the SQL injection attack, meaning the distribution potential is high.

...

The only confirmed vulnerable version is (pre-patch) 9.0.115.0.

...


**** advises clients to verify that all Adobe Flash installations are running version 9.0.124 or later. This version may also be referred to as "9f", "9,0,124,0", "9.0 r124" or similar. However, Adobe Flash does not store version information in the registry. For individual PCs, the version of the currently installed Flash Player can be determined by visiting this Adobe web page:

http://www.adobe.com/products/flash/about/

...

Payloads vary but generally include the installation of downloaders, backdoors, and password stealing spyware Trojans. While detection of the various Trojans is good on average, some remain undetected by major AV engines. None of the major AV engines detected the actual exploit Flash file at the time this advisory was written. Now that samples have been obtained, anti-virus companies are updating their signatures accordingly.


My flash player was at 9.0.115.0. I'm upgrading now.

http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 0 • Views: 1,074 • Replies: 8
No top replies

 
mismi
 
  1  
Reply Wed 28 May, 2008 08:06 am
crap...what does that mean?
0 Replies
 
Phoenix32890
 
  1  
Reply Wed 28 May, 2008 08:08 am
DrewDad- Thanks for the "heads up"! Very Happy
0 Replies
 
DrewDad
 
  1  
Reply Wed 28 May, 2008 08:35 am
mismi wrote:
crap...what does that mean?

Go to: http://www.adobe.com/products/flash/about/ .

If your version reads as 9.0.115.0 or earlier, then install the latest version of flash player.
0 Replies
 
mismi
 
  1  
Reply Wed 28 May, 2008 08:41 am
did it...thanks DrewDad
0 Replies
 
DrewDad
 
  1  
Reply Wed 28 May, 2008 09:02 am
Also, check all browsers, IE, firefox, etc. as each browser uses a separate plugin.
0 Replies
 
mismi
 
  1  
Reply Wed 28 May, 2008 09:55 am
Oh no...what? I don't know Firefox...Mine is Internet Explorer (I had to look up what a browser was)...how do I check that? I am technologically retarded...so please forgive me if I seem ignorant here...I just am.
0 Replies
 
DrewDad
 
  1  
Reply Wed 28 May, 2008 10:22 am
mismi wrote:
Oh no...what? I don't know Firefox...Mine is Internet Explorer (I had to look up what a browser was)...how do I check that? I am technologically retarded...so please forgive me if I seem ignorant here...I just am.

If you only use Internet Explorer, then no worries.
0 Replies
 
mismi
 
  1  
Reply Wed 28 May, 2008 10:35 am
Thank you!
0 Replies
 
 

Related Topics

Super cool computer tricks, for dopes like me. - Discussion by OCCOM BILL
Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
Mac help/can't install new printer, don't remember passwd - Discussion by ossobuco
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Hackers exploiting flaw in Adobe Flash Player
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 09/28/2024 at 11:23:55