{"id":2984,"date":"2010-10-29T11:35:27","date_gmt":"2010-10-29T10:35:27","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2984"},"modified":"2015-09-09T19:37:24","modified_gmt":"2015-09-09T11:37:24","slug":"critical-0-day-vulnerability-in-adobe-flash-player-reader-acrobat","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2010\/10\/critical-0-day-vulnerability-in-adobe-flash-player-reader-acrobat\/","title":{"rendered":"Critical 0-day Vulnerability In Adobe Flash Player, Reader & Acrobat"},"content":{"rendered":"

Well, this seems to be a frequently recurring theme: yes, there is yet another critical 0-day vulnerability in Adobe products – pretty much across the board this time.

It wasn’t that long ago that a critical flaw in Flash put Android phones at risk. The core vulnerability exists in Flash, but it’s being actively exploited in Adobe Reader via the usual PDF route.

The vulnerability exists across all OS versions (including Android), but as usual the active exploitation seems to be taking place on the Windows platform.

<blockquote>Adobe has confirmed reports that yet another unpatched vulnerability in the latest versions of its ubiquitous software is being actively exploited to infect end users with data-stealing malware.

The vulnerability exists in Adobe’s Reader document viewer and Flash Media Player for Windows, OS X and Unix operating systems, Adobe warned on Thursday. According to independent researchers, it is being exploited in the wild against Reader for Windows to install a nasty trojan known as Wisp, which according to Microsoft, steals sensitive user data and installs a backdoor on compromised systems.

The vulnerability itself resides in Adobe’s Flash Player, which is available as stand alone software and is also embedded into Reader. According to researcher Mila Parkour of the Contagio Malware Dump blog, poisoned PDF documents are circulating that drop two malicious binaries onto Windows machines that open the document files.

A screenshot identified the two files as nsunday.exe and nsunday.dll. A Virus Total scan showed just 15 of 42 antivirus programs were detecting the malicious EXE. She didn’t say whether the attacks succeed against more recent versions of the OS, which Microsoft has designed to withstand many of the most common types of exploits.<\/blockquote>

This vector works because Flash Player is also embedded into Adobe Reader: by using a malicious PDF file with the AuthPlay exploit, attackers can trigger the Flash Player flaw and drop malware onto the OS.

There is information on how to disable the AuthPlay functionality at the bottom of the Adobe advisory:

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat

Basically, you need to go to the Adobe Reader directory and delete the AuthPlayLib.bundle (Windows/Mac OSX) or libauthplay.so.0.0.0 (Linux) file.