    Zero-Day Vulnerability

    This week is turning out to be a busy one for zero-day exploits. Days after such a bug was found in Firefox, it’s Adobe’s turn to have its products under the gun.

    According to the official Adobe security advisory, both the Flash and Acrobat/Reader product lines have been confirmed vulnerable to this latest problem. All current Flash versions are affected, regardless of platform. The same is mostly true for Acrobat and Reader—all released 9.x versions of Acrobat and Reader are affected though older 8.x versions are not. Neither is the Android version of Reader affected. Adobe states that attacks against Acrobat and Reader are in the wild but that no exploits have been found (so far) hitting Flash.

    If exploited, the vulnerability causes a system to crash and potentially allows arbitrary code execution. More details on this particular flaw have not yet been released, but it appears to be very similar to the June zero-day vulnerability. As in the June attack, the vulnerable component lies in Flash. Acrobat and Reader are affected only because they include what is, in effect, an embedded Flash Player in the file authplay.dll.

    For Acrobat and Reader, Adobe’s official advice is to remove the vulnerable component. Instructions to do so may be found at the Adobe page linked to earlier. Mitigation for Flash is only possible with Firefox, as certain extensions such as Flashblock and NoScript allow users to selectively load Flash files and so protect themselves from this flaw.
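
    For administrators who need to find every copy of authplay.dll before removing it, the following is an added example (not code from Adobe or Trend Micro) that walks a directory tree and reports each copy, optionally renaming it so the host application can no longer load it. The root directory, the `.disabled` suffix and the choice of renaming are assumptions of this example; Adobe's own instructions take precedence.

```python
import os
import sys
from pathlib import Path

TARGET = "authplay.dll"  # component named in the article


def find_authplay(root):
    """Return sorted paths of every authplay.dll under root (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() == TARGET:
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def disable_authplay(root, apply=False, suffix=".disabled"):
    """Report each copy; with apply=True, rename it (suffix is an assumption).

    Returns a list of (path, status) tuples. With apply=False nothing changes.
    """
    results = []
    for path in find_authplay(root):
        dest = path.with_name(path.name + suffix)
        if not apply:
            results.append((path, "found"))
        elif dest.exists():
            # Never overwrite an earlier backup of the component.
            results.append((path, "skipped: destination exists"))
        else:
            try:
                path.rename(dest)
                results.append((path, "renamed"))
            except OSError as exc:  # file in use or insufficient rights
                results.append((path, "failed: %s" % exc.strerror))
    return results


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--apply"]
    root = args[0] if args else "."
    for path, status in disable_authplay(root, apply="--apply" in sys.argv):
        print("%s: %s" % (status, path))
```

    Run it without `--apply` first to review what would be touched; a "failed" status usually means the application is still running or the account lacks rights to the install directory.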

    Official fixes are due by November 9 for Flash and by November 15 for Acrobat and Reader.

    Update as of October 29, 2010 7:21 PM UTC

    Trend Micro offers protection against this flaw for enterprise users of Deep Security and OfficeScan via the Intrusion Defense Firewall (IDF) plug-in, provided their systems are updated with IDF rule number 1004113.

    Update as of November 1, 2010 12:48 PM UTC

    Trend Micro detects the zero-day exploit as TROJ_PIDIEF.SMQA.

    TROJ_PIDIEF.SMQA drops a file detected as TROJ_WISP.SMA, which in turn connects to certain URLs to download more malicious files. These URLs, however, are inaccessible as of this writing.









    • Intercontinental

      Firefox team fixed the problem within 24 hrs, when Adobe quietly sits down and declares a fix for November 15th, more than 2 weeks from now.
      I wonder if CEO Steve Jobs was not right when he mentioned Adobe as being lazy. Getting fed up with their crappy authplay.dll. I've already abandoned their Reader, but Flash is more problematic.
      Gosh, what a company …



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice