In association with heise online

28 May 2008, 10:47

Critical vulnerability in Flash Player being actively exploited

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has warned of a security hole in Adobe's Flash Player that is already being exploited by web sites to install trojans onto users' computers. Adobe is still analysing the bug and has not yet been able to release an update.

According to Symantec, Chinese servers are currently serving code which exploits this security vulnerability. They cite the domains and The Internet Storm Center has also found exploit code on The code can be called by injected links on compromised web sites, using IFrames to inject trojans onto victims' computers. Using a Google search, Symantec has already identified more than 20,000 hacked websites linking to alone.

The malicious code only appears to be attacking Windows at present. ISC reports that it downloads the files ax.exe and setip.exe. However, the vulnerability probably affects Flash Player for other operating systems as well. It is therefore likely to be just a question of time before malware coders are distributing malicious code for Linux and Mac OS X.

Until Adobe releases an update for the vulnerable versions up to and including, users should take their own precautions against malicious .swf files. Network administrators should block access to identified malicious domains at the gateway. The Firefox add-ons Flashblock and NoScript replace Flash objects embedded in web sites with placeholders and only load the objects when instructed to do so by the user.

For Internet Explorer users, uninstalling Flash Player is the best remedy. Adobe offers a standalone uninstaller to remove the program. According to Symantec, setting the kill bit for ClassID d27cdb6e-ae6d-11cf-96b8-444553540000 until an update is available will also help to protect from attacks. IE users can also, however, block execution of Flash objects and consign the browser to a sandbox using the c't IE Controller (German language page) which should also work for English language users.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit