Wed 28 May, 2008 07:53 am
From a security advisory from one of our vendors:
Quote: Attackers insert SCRIPT and IFRAME tags into the content of trusted, legitimate web sites via a known SQL injection attack. Those tags redirect the user to the attacker's server which hosts the Flash exploit. Tens of thousands of web sites are vulnerable to the SQL injection attack, meaning the distribution potential is high.
...
The only confirmed vulnerable version is (pre-patch) 9.0.115.0.
...
**** advises clients to verify that all Adobe Flash installations are running version 9.0.124 or later. This version may also be referred to as "9f", "9,0,124,0", "9.0 r124" or similar. However, Adobe Flash does not store version information in the registry. For individual PCs, the version of the currently installed Flash Player can be determined by visiting this Adobe web page:
http://www.adobe.com/products/flash/about/
...
Payloads vary but generally include the installation of downloaders, backdoors, and password stealing spyware Trojans. While detection of the various Trojans is good on average, some remain undetected by major AV engines. None of the major AV engines detected the actual exploit Flash file at the time this advisory was written. Now that samples have been obtained, anti-virus companies are updating their signatures accordingly.
My flash player was at 9.0.115.0. I'm upgrading now.
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
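The version check the quoted advisory asks for, as an added example that is not part of the original thread or the vendor's advisory: a Python script that normalizes the version spellings the advisory lists ("9f", "9,0,124,0", "9.0 r124") and flags any install below 9.0.124. The inventory rows, host names and function names are constructed for illustration.

```python
import re

# Thresholds taken from the quoted advisory.
MIN_SAFE = (9, 0, 124, 0)              # "9.0.124 or later"
CONFIRMED_VULNERABLE = (9, 0, 115, 0)  # only confirmed vulnerable build
# Letter-style names; the advisory gives only "9f" (= 9.0.124).
RELEASE_NAMES = {"9f": MIN_SAFE}

def parse_flash_version(text):
    """Return (major, minor, build, patch), or None if unparseable."""
    s = text.strip().lower()
    if s in RELEASE_NAMES:
        return RELEASE_NAMES[s]
    m = re.search(r"(\d+)\.(\d+)\s*r(\d+)", s)        # "9.0 r124"
    if m:
        return tuple(int(g) for g in m.groups()) + (0,)
    m = re.search(r"\d+(?:[.,]\d+){1,3}", s)          # "9.0.124", "9,0,124,0"
    if m:
        parts = [int(p) for p in re.split(r"[.,]", m.group(0))]
        return tuple(parts + [0] * (4 - len(parts)))
    return None

def classify(text):
    v = parse_flash_version(text)
    if v is None:
        return "unknown"            # treat as needing a manual check
    if v >= MIN_SAFE:
        return "ok"
    if v == CONFIRMED_VULNERABLE:
        return "confirmed-vulnerable"
    return "upgrade"                # older than the advised minimum

# Constructed inventory: one row per browser plugin, since each browser
# carries its own Flash plugin. Hosts and values are made up.
INVENTORY = [
    ("pc-01", "IE", "9,0,115,0"),
    ("pc-01", "Firefox", "Shockwave Flash 9.0 r124"),
    ("pc-02", "IE", "9f"),
    ("pc-03", "Firefox", "9.0.47.0"),
    ("pc-04", "IE", "not installed"),
]

def audit(rows):
    """Return (host, browser, raw, status) for every plugin that is not ok."""
    return [(h, b, raw, classify(raw)) for h, b, raw in rows
            if classify(raw) != "ok"]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep="\t")
```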
crap...what does that mean?
mismi wrote: crap...what does that mean?
Go to:
http://www.adobe.com/products/flash/about/ .
If your version reads as 9.0.115.0 or earlier, then install the latest version of Flash Player.
Also, check all browsers, IE, Firefox, etc., as each browser uses a separate plugin.
Oh no...what? I don't know Firefox...Mine is Internet Explorer (I had to look up what a browser was)...how do I check that? I am technologically retarded...so please forgive me if I seem ignorant here...I just am.
mismi wrote: Oh no...what? I don't know Firefox...Mine is Internet Explorer (I had to look up what a browser was)...how do I check that? I am technologically retarded...so please forgive me if I seem ignorant here...I just am.
If you only use Internet Explorer, then no worries.