Secunia CSI7
About us
Careers
Memberships
Newsroom
Contact us
Blog
News
Articles

Flash 0-days

Get this blog as an RSS Feed
12:50 CET on the 12th April 2011
Entry written by Thomas Kristensen.

At the beginning of March, a 0-day vulnerability surfaced in Adobe Flash Player within the ActionScript Virtual Machine 2 (AVM2), which handles ActionScript 3.0 language. The vulnerability was exploited via Excel documents containing specially crafted Flash content and follow-up reports show that this was exploited e.g. in the compromise of RSA.

A month later, and after a fixed version of Adobe Flash Player being released, another 0-day vulnerability has surfaced in the latest version of Adobe Flash Player. This time it's exploited via Word documents and was reportedly sent to a number of people including assistants of former high-ranked politicians, who are now working at global consulting companies.

This confirms that Adobe Flash Player is still a very popular target for cybercriminals and for good reason as Secunia PSI/CSI statistics show that it's installed on 96.1% of all Windows systems. In the past, Flash Player 0-days were often delivered via PDF files targeting Adobe Reader/Acrobat, which bundles Flash Player, but it seems after the release of Adobe Reader/Acrobat X that Office documents have become the new attack vector.

Secunia Research is currently analysing this vulnerability as well as closely monitoring any news about its exploitation. Additional details will be added to our advisories available on our website and customer area for VIM customers. Also, as soon as patches are available, Secunia PSI users and Secunia CSI customers will be informed and can roll out patches quickly and efficiently to ensure that their systems are updated and protected against malware exploiting this vulnerability.

Stay Secure,

Thomas Kristensen

Discuss this blog entry
A new thread in our forum is created. Activate the thread by commenting/discussing below.
Subject: Flash 0-days
 
User Message
[+]

mpergande13

RE: Flash 0-days
This reply has been minimised due to a negative Relevancy Score.

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability