Author Topic: Another zero day in Adobe flash player  (Read 8414 times)

0 Members and 1 Guest are viewing this topic.

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Another zero day in Adobe flash player
« on: July 23, 2009, 08:42:10 AM »
Hello everyone,

just found this new 0-day article in ISC,

http://isc.sans.org/diary.html?storyid=6847

avast doesn't detect it.(link in the article to virus total tells this)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89331
  • No support PMs thanks
Re: Another zero day in Adobe flash player
« Reply #1 on: July 23, 2009, 03:31:55 PM »
Very interesting article, and especially the "Regarding Flash, NoScript is your best help here, of course."

Presumable this is also sidestepped if you don't use Adobe's PDF reader, but something like FoxitPDF reader, etc.

Quote
It appears that even when JavaScript support is disabled in Adobe Reader that the exploit still works, so at the moment there are no reliable protection mechanisms (except not using Adobe Reader?).

So yet more advice to use firefox with NoScript and don't use Adobe Acrobat PDF reader ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Another zero day in Adobe flash player
« Reply #2 on: July 23, 2009, 03:35:08 PM »
list of other pdf readers (sometimes these are advised to use, previously when there were adobe exploits):

http://www.pdfreaders.org/

cinchez

  • Guest
Re: Another zero day in Adobe flash player
« Reply #3 on: July 23, 2009, 04:30:58 PM »
Oh God!

Does Disabling the Adobe Acrobat Plug-in for FF works?

I have NoScript as well..

-AnimeLover^^

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Another zero day in Adobe flash player
« Reply #4 on: July 23, 2009, 04:37:40 PM »
@addict

yes that should work for a pdf file. if you use noscript then you are safe as mentioned in the article..

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89331
  • No support PMs thanks
Re: Another zero day in Adobe flash player
« Reply #5 on: July 23, 2009, 04:38:21 PM »
Does Disabling the Adobe Acrobat Plug-in for FF works?

I have NoScript as well..

Not if the PDF file which would normally be viewed on-line (using the FF plug-in) is downloaded and opened with Adobe PDF reader, as the vulnerability is also in the reader as well as adobe flash.

NoScript will only protect against the vulnerability in the flash player and then only if you haven't allowed the site to run scripts and also allow flash (NoScript, Options, Plugins tab, Forbid Adobe Flash).
« Last Edit: July 23, 2009, 04:40:10 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Another zero day in Adobe flash player
« Reply #6 on: July 23, 2009, 04:43:45 PM »
accept with david r

Hermite15

  • Guest
Re: Another zero day in Adobe flash player
« Reply #7 on: July 23, 2009, 04:49:32 PM »
geez it's the second time in a very short time there's a bad vulnerability in adobe products...

edit: last time that concerned "reader" only and they advised to disable JavaScript (until the fix would be available): in the reader settings itself.
« Last Edit: July 23, 2009, 04:55:04 PM by Logos »

cinchez

  • Guest
Re: Another zero day in Adobe flash player
« Reply #8 on: July 23, 2009, 04:51:10 PM »
Thanks nmb and DavidR^^

-AnimeLover^^

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Another zero day in Adobe flash player
« Reply #9 on: July 23, 2009, 04:52:54 PM »
always welcome

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89331
  • No support PMs thanks
Re: Another zero day in Adobe flash player
« Reply #10 on: July 23, 2009, 06:09:46 PM »
Thanks nmb and DavidR^^

-AnimeLover^^

You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Another zero day in Adobe flash player
« Reply #11 on: July 23, 2009, 10:54:44 PM »
Why turning off Javascript won't help this time

check this blog:

http://blog.fireeye.com/research/2009/07/actionscript_heap_spray.html

Hermite15

  • Guest
Re: Another zero day in Adobe flash player
« Reply #12 on: July 23, 2009, 11:01:37 PM »
Why turning off Javascript won't help this time

check this blog:

http://blog.fireeye.com/research/2009/07/actionscript_heap_spray.html

oh, thanks for that link  ;)

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Another zero day in Adobe flash player
« Reply #13 on: July 25, 2009, 05:57:48 AM »
hello everyone,

update :

Adobe 'zero-day' flaw is eight months old : http://blogs.zdnet.com/security/?p=3792
« Last Edit: July 25, 2009, 06:14:49 AM by nmb »

cinchez

  • Guest
Re: Another zero day in Adobe flash player
« Reply #14 on: July 25, 2009, 06:07:54 AM »
WTF!?

Cant believe Adobe hasnt updated their products yet! >:(

What a fatal flaw!

-AnimeLover^^