Andrew Pollack's Blog

Technology, Family, Entertainment, Politics, and Random Noise

Zero-Day Exploit in the wild today, and fairly widespread. Exploits FLASH browser plug-ins.

By Andrew Pollack on 05/28/2008 at 08:15 AM EDT

Today is not a good day to go to web sites you don't know well. Even many known sites are being used as exploit redirects.

http://www.securityfocus.com/bid/29386/info

Adobe Flash Player SWF File Unspecified Remote Code Execution Vulnerability Symantec has observed that this issue is being actively exploited in the wild. Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.

From SlashDot:

"Security researchers have found evidence of a previously unknown Adobe Flash vulnerability being exploited in the wild. The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers. From the article: 'Continued investigation reveals this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages) most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.'"


There are  - loading -  comments....



Other Recent Stories...

  1. 04/04/2020How many Ventilators for the price of those tanks the Pentagon didn't even want?This goes WAY beyond Trump or Obama. This is decades of poor planning and poor use of funds. Certainly it should have been addressed in the Trump, Obama, Bush, Clinton, Bush, and Reagan administrations -- all of which were well aware of the implications of a pandemic. I want a military prepared to help us, not just hurt other people. As an American I expect that with the ridiculous funding of our military might, we are prepared for damn near everything. Not just killing people and breaking things, but ...... 
  2. 01/28/2020Copyright Troll WarningThere's a copyright troll firm that has automated reverse-image searches and goes around looking for any posted images that they can make a quick copyright claim on. This is not quite a scam because it's technically legal, but it's run very much like a scam. This company works with a few "clients" that have vast repositories of copyrighted images. The trolls do a reverse web search on those images looking for hits. When they find one on a site that looks like someone they can scare, they work it like ...... 
  3. 03/26/2019Undestanding how OAUTH scopes will bring the concept of APPS to your Domino serverWhile a full description of OATH is way beyond what I can do in this quick blog entry, I wanted to talk a bit about how "SCOPES" interact with the already rich authorization model used by Domino. Thanks to the fantastic work by John Curtis and his team, the node.js integration with Domino is going to be getting a rich security model. What we know is that a user's authorizations will be respected through the node.js application to the Domino server -- including reader names, ACLs, Roles, and so on. The way ...... 
  4. 02/05/2019Toro Yard Equipment - Not really a premium brand as far as I am concerned 
  5. 10/08/2018Will you be at the NYC Launch Event for HCL Domino v10 -- Find me! 
  6. 09/04/2018With two big projects on hold, I suddenly find myself very available for new short and long term projects.  
  7. 07/13/2018Who is HCL and why is it a good thing that they are now the ones behind Notes and Domino? 
  8. 03/21/2018Domino Apps on IOS is a Game Changer. Quit holding back. 
  9. 02/15/2018Andrew’s Proposed Gun Laws 
  10. 05/05/2016Is the growing social-sourced economy the modern back door into socialism? 
Click here for more articles.....


pen icon Comment Entry
Subject
Your Name
Homepage
*Your Email
* Your email address is required, but not displayed.
 
Your thoughts....
 
Remember Me  

Please wait while your document is saved.