• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

On Tuesday, July 21, 2009, symantec became Aware of a Previously Un-Known Vulnerability Affecting Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. Attackers can Exploit the Issue to Execute Arbitrary Code by enticing a Vulnerable User into visiting a Malicious Web Site or Opening a Malicious File. This Issue is being Exploited In-The-Wild in Limited Attacks.

On July 21, 2009, Adobe acknowledged the Vulnerability in the following Post: http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html.

Users are Advised to:

- Avoid following Web Links that Originate from Un-Known or Un-Trusted Sources.

- Avoid Processing Files that Originate from Un-Known or Un-Trusted Sources.

- Implement multiple redundant layers of security such as Non-Executable Stack/Heap Configurations and Randomly-Mapped Memory Segments.

- Deploy Intrusion Detection to Monitor Network Traffic for Malicious Activity.

- Run all Software as a Non-Privileged User with Minimal Access Rights.

For more information, see the following Vulnerability Alert:

Adobe Acrobat, Reader and Flash Player Un-Specified Vulnerability: http://www.securityfocus.com/bid/35759.

Message Edited by Floating_Red on 07-22-2009 08:25 PMMessage Edited by Floating_Red on 07-22-2009 08:26 PMMessage Edited by Floating_Red on 07-22-2009 08:26 PMMessage Edited by Floating_Red on 07-22-2009 08:27 PM
Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Replies

Kudos0

Re: Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos0

Re: Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

There is a very good short summary about this on the SANS Internet Storm Center.  They've even coined a new acronym that pretty much says it all.  So far, no mitigation guidelines other than blocking Flash content with NoScript in Firefox.
"Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication." - Brian Krebs, Krebs on Security
Kudos0

Re: Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

Updates are Available; please see Web Link for More Details.

http://www.securityfocus.com/bid/35759/solution.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]
Kudos1 Stats

Re: Adobe Reader, Acrobat and Adobe Flash Player Vulnerabiliy Being Exploited In-The-Wild

Patches have now been Released in July/August 2009.  Sorry for the late Update on this Issue.

Update on Adobe Reader, Acrobat and Flash Player Issue: http://blogs.adobe.com/psirt/2009/07/update_on_adobe_reader_acrobat.html.

Security advisory for Adobe Reader, Acrobat and Flash Player:  http://www.adobe.com/support/security/advisories/apsa09-03.html.

 

Security updates available for Adobe Flash Player, Adobe Reader and Acrobat: http://www.adobe.com/support/security/bulletins/apsb09-10.html.

 

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Replies are locked for this thread.