Author Topic: Adobe Flash zero-day exploit in the wild *Updated*  (Read 10383 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89210
  • No support PMs thanks
Re: Adobe Flash zero-day exploit in the wild *Updated*
« Reply #15 on: May 30, 2008, 12:09:48 AM »
NoScript also has Flash blocking so it should block good or bad, so I assume it is that is what the NoScript remark is about.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: Adobe Flash zero-day exploit in the wild *Updated*
« Reply #16 on: May 30, 2008, 12:12:57 AM »
Hi kubecj,

NoScript blocks Adobe Flash on a page by default, you can pre-scan the swf link and then temporarily allow.Other options are implement a killbit for the following CLSID: d27cdb6e-ae6d-11cf-96b8-444553540000. Another option is the use of frees AxBan to do this automatically and this also blocks malicious ActiveX controls: http://portal.erratasec.com/axb/AxBan.exe

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline TedNelly

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1538
  • Trust No-One!
Re: Adobe Flash zero-day exploit in the wild *Updated*
« Reply #17 on: May 30, 2008, 07:51:31 AM »
Well worth a read  ::)
Adobe Flash Player Flaw - Massive Exploitation
"Security sites are warning of increased dangers of malformed Shockwave Flash (SWF) objects. Possibly 250,000 web pages hosting this new exploit. It is important to move to the latest version of Flash if prompted or manually update if you are not on version 9.0.124."
« Last Edit: May 31, 2008, 06:31:08 AM by tednelly »
Windows 10 Pro | Intel I7 CPU | 16 Gig 2133 RAM | Avast beta 17.5.2295 | Firefox 54 b9(64-bit) | Cyberfox 52.1 | T-Bird 52.1.1 | SpyWareBlaster 5.5 | MalwareBytes 3.0.0.865 | WinPatrol 35.5.2 | GlassWire 1.2.100 | Cybereason Ransomfree 2.2.7 |  Pulla-dePlug Final!

Sesame

  • Guest
Re: Adobe Flash zero-day exploit in the wild *Updated*
« Reply #18 on: May 30, 2008, 10:52:49 AM »
I picked Flash Player 10 beta plugin from the official site, which is supposed not to have this vulnerability and extracted NPSWF32.dll to \Data\plugins folder of Firefox Portable.  The plug-in works fine with the unofficial Firefox RC2 build(2008052906) on most sites I visited, with some exceptions including some major sites such as CNN.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: Adobe Flash zero-day exploit in the wild *Updated*
« Reply #19 on: May 31, 2008, 08:13:06 PM »
Well test it in your browser from this page, and see that NoScript protects you:
http://www.jumperz.net/index.php?i=2&a=1&b=8

In short, anti-dns pinning and dns-rebinding attacks can be used to make your browser think it can send information X to site B, since site B belongs to same site as site A (which is some good site). This can be exploited simply over the browser window using javascript, java or flash. Using this kind of attack, the owner of any www-page can get access to your internal network, such as router, external firewall, other computers in your LAN, etc. etc. because your computer is being told that site B is located on the same domain/IP that the site A is (and your computer thinks it safe to send such information there therefore).

Now, browsers have been protected against this kind of attacks for some time now. However, javascript, java and flash arent. They are still vulnerable.

This sound pretty damm serious if you have anything inside your own LAN that is not firewalled or if you dont have good passphrases on your router/modem!!!

More information in here

- »crypto.stanford.edu/dns/
- »www.doxpara.com/DMK_BO2K7_Web.ppt
- »crypto.stanford.edu/dns/dns-rebinding.pdf

Tests
- »www.jumperz.net/index.php?i=2&a=1&b=7
- »www.jumperz.net/index.php?i=2&a=3&b=3
- »www.jumperz.net/index.php?i=2&a=1&b=9
--
pol

P.S. From the implication you will get this online javascript port scanner:
http://www.gnucitizen.org/projects/javascript-port-scanner/

enjoy,

D
« Last Edit: May 31, 2008, 08:26:32 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!