Adobe Flash vulnerable to remote-execution exploit


Post by TeMerc » Tue Feb 24, 2009 4:09 pm

By Dan Goodin in San Francisco
Posted in Security, 24th February 2009 21:01 GMT

Already under the gun for a critical hole in its ubiquitous Acrobat Reader, Adobe's security team is close to pushing out a fix for another serious vulnerability, this one in the company's Flash animation software.

The remote code execution vulnerability has been confirmed in Flash for Windows and is believed to also affect versions that run on Linux and Apple's OS X, according to this advisory from VeriSign's iDefense Labs. At the time of writing, Adobe had not yet released a patch, but it's expected to do so soon, said iDefense Intelligence Director Rick Howard.

The exploit occurs as a result of the way Flash handles Shockwave files. By creating a particular object and then deleting it, attackers can gain arbitrary execution control over uninitialized memory locations where the invalid object resided, iDefense said. The technique involves the use of so-called heap molding and heap spraying, allowing memory contents to be overwritten with attack code.

Continued @ The Register

