Adobe today released an advisory to warn about a remote code execution vulnerability in Flash Player, which also affects Adobe Reader and Acrobat.
This critical vulnerability has been assigned CVE-2011-0609.
Currently seen attacks work through a malicious SWF file which is embedded within an Excel file. The target must open a malicious XLS file for the vulnerability in Flash to be exploited.
This type of construction is a perfect setup for targeted attacks. And not surprisingly, targeted attacks have indeed been reported.
During testing, the particular exploit was not able to run successfully on Windows 7. It did work on Windows XP. It's likely, though, that a ROP exploit would be able to exploit this vulnerability under Windows 7.
Call me old-fashioned, but I don't really see the point of embedded SWFs within Excel documents. From my point of view, this is a clear case of too much functionality in a product leading to security problems.
As such, it would be great if Microsoft would allow us to turn off these extra features. Or, alternatively, Adobe could disallow such integration to reduce the attack surface.
The reason why the attackers are using Excel as a delivery vehicle is simple. This means the attack can easily be delivered through email. So be extra cautious when you receive XLS files you didn't request.
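For mail filtering or attachment triage, one way to flag legacy Excel files that carry an embedded Flash object is to scan the raw bytes for a plausible SWF header. This is an added example, not code from Adobe or from the original post; the function names, the version and size bounds, and the sample bytes are assumptions made for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file (.xls, .doc)
MAX_VERSION = 50          # assumption: generous bound on the SWF version byte
MIN_LEN, MAX_LEN = 21, 100 * 1024 * 1024  # assumption: plausible SWF sizes


def find_embedded_swf(data: bytes) -> list:
    """Return plausible SWF headers found anywhere in the raw file bytes."""
    hits = []
    for sig in (b"FWS", b"CWS"):  # uncompressed / zlib-compressed SWF
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 10]
            if len(header) == 10:
                version = header[3]
                (length,) = struct.unpack_from("<I", header, 4)
                ok = 1 <= version <= MAX_VERSION and MIN_LEN <= length <= MAX_LEN
                if ok and sig == b"CWS":
                    # The compressed body must begin with a valid zlib header.
                    cmf, flg = header[8], header[9]
                    ok = (cmf & 0x0F) == 8 and ((cmf << 8) | flg) % 31 == 0
                if ok:
                    hits.append({"offset": pos, "signature": sig.decode(),
                                 "version": version, "declared_length": length})
            pos = data.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


def triage_attachment(data: bytes) -> str:
    """'flag' when an OLE2 document carries a SWF header, else 'pass'."""
    if not data.startswith(OLE_MAGIC):
        return "not-ole"
    return "flag" if find_embedded_swf(data) else "pass"


def constructed_samples():
    """Constructed stand-ins for attachments; not real Excel or Flash files."""
    cws = b"CWS\x0a" + struct.pack("<I", 72) + zlib.compress(b"\x00" * 64)
    with_swf = OLE_MAGIC + b"\x00" * 504 + b"Workbook" + cws + b"\x00" * 32
    decoys = b"FWS report" + b"CWS\x0a" + struct.pack("<I", 72) + b"\x00\x00"
    without_swf = OLE_MAGIC + b"\x00" * 504 + decoys + b"\x00" * 32
    return with_swf, without_swf


if __name__ == "__main__":
    for name, blob in zip(("with_swf", "without_swf"), constructed_samples()):
        print(name, triage_attachment(blob), find_embedded_swf(blob))
```

A raw byte scan is a heuristic: an OLE stream can be split across non-contiguous sectors, and newer ZIP-based formats such as .xlsx compress their parts, so a hit means "inspect or quarantine" and a miss does not prove the file is clean.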
Adobe will be publishing a patch during the week of March 21. Reader X will only be patched on June 14th, as its protected mode offers sufficient mitigation according to Adobe.