Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Adobe warns of new Flash Player zero-day attack


11 Apr 2011   #1

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 
Adobe warns of new Flash Player zero-day attack

Once again folks......
Quote:
Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.

This latest Flash Player zero-day attack comes just weeks after EMC’s RSA Division was hit with a malware attack that used a rigged Flash (.swf) file embedded in a Microsoft Excel document.

In both cases, the attacks are being used to steal corporate secrets.
Here’s the gist of the latest Flash Player zero-day:

A
critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.


Adobe says it is in the process of finalizing a schedule for delivering patches for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh.

Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, Adobe plans to fix this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.
AFFECTED SOFTWARE VERSIONS
  • Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.2.154.25 and earlier for Chrome users
  • Adobe Flash Player 10.2.156.12 and earlier for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems
NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.
Article:

Adobe warns of new Flash Player zero-day attack | ZDNet


My System SpecsSystem Spec
.

11 Apr 2011   #2

Windows 7 Professional 64 Bit SP1
 
 

The frequent amount of 0 days being found in Adobe products is becoming quite troublesome. It's enough hassle having to update my XP guest computer semi-frequently, but to have to do it for all three of my computers' would be rather time consuming. Is why I removed Adobe Reader/Flash from my two Windows 7 computers.

Yes Flash does have a high profile, just like the Windows OS's does, hence why they are frequently targeted. HOWEVER, I have only ever been affected by one Windows exploit and that was quite some years ago, back when I only had XP computers. It was the Windows blaster virus. No Windows exploit before or after that has affected my computers. My current XP guest computer on the other hand has been hit once or twice by Flash exploits when relatives came around and their kids did some casual browsing but it's easily restored and contains no personal data (almost like a dumb terminal but not )
My System SpecsSystem Spec
11 Apr 2011   #3

Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
 
 

Borg

Thanks for the heads up.

Mike
My System SpecsSystem Spec
.


Reply

 Adobe warns of new Flash Player zero-day attack




Thread Tools



Similar help and support threads for2: Adobe warns of new Flash Player zero-day attack
Thread Forum
Solved IE9 vs. Adobe Flash Player 11 Browsers & Mail
Adobe warns of 'critical' Flash Player security holes 3/6/12 Security News
Solved Adobe Flash Player 10.3 Browsers & Mail
New Adobe Flash Attack -Fix is out News
HELP with Adobe Flash Player Browsers & Mail
Adobe Flash Player Software
Adobe Flash Player Browsers & Mail

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:48 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33