Adobe has warned users of a critical vulnerability in its Flash Player which could potentially allow an attacker to take remote control of the compromised system.
Attackers are exploiting the latest Flash Player bug by embedding malicious Flash files within a Microsoft Word document that is emailed to users as an attachment, Adobe said in a security advisory (CVE-2011-0611) issued 11 April. The company did not give any indication as to when the bug will be patched, as it was “finalising a schedule.”
The same vulnerability also exists in Adobe Reader and Acrobat, as they can both read Flash content inserted in PDF files. However, Adobe said it was not aware of any attacks via PDF targeting Adobe Reader and Acrobat currently in the wild.
If executed, the rogue Word document could cause the system to crash and allow attackers to take control of the affected system, according to the advisory.
The previously disclosed Flash bug, patched 21 March, was very similar, except attackers used a rogue Excel spreadsheet to hide its malicious Flash code. RSA Security revealed on 1 April that cyber-criminals used the Excel spreadsheet exploit to gain entry into RSA’s network and steal information related to the SecurID two-factor authentication technology.
Like the previous Flash bug, this latest one is neutralised in Adobe Reader X, which utilises a sandbox that prevents the exploit from executing.
“It’s great that the sandbox is working against some of these exploits, but it suggests it is OK to consume malicious code because you have ‘protection,'” Wisniewski said.
Users can revert to either Adobe Reader 8 or upgrade to Adobe Reader X. Reader X is available only for Windows users.
One instance of the malicious Word document seen in the wild is named “Disentangling Industrial Policy and Competition Policy,” which is sent to targeted recipients as an attachment, according to Mila Parkour, the independent security researcher who reported the latest flaw to Adobe. The sample she saw claimed the document was a copy of the American Bar Association’s Antitrust Source newsletter, Parkour wrote on her Contagio Malware Dump blog.
The email message’s subject line is similar to the file name, and reads, “Disentangling Industrial Policy and Competition in China,” Parkour said. The body of the message claims the article would be of interest to anyone wanting to know about China’s Anti-Monopoly Law.
Considering that the most recent issue of Antitrust Source contains a legitimate article by the same name, which is available on the newsletter’s website, it’s likely that people would fall for the ruse, especially if they were members of the legal community.
The document has been used in targeted spear-phishing campaigns against select organizations and individuals working with the US government, according to Brian Krebs on Krebs on Security.
Currently, Commtouch is the only major antivirus vendor whose security software correctly detects the malicious Word document, according to VirusTotal, a service that analyses suspicious files and checks them against 42 major antivirus products.
The vulnerability impacts Adobe Flash Player 10 on all operating systems and Adobe Reader 9 and X for Windows and Macintosh, according to the advisory. It does not affect Adobe Reader for Android, Unix or Adobe Reader/Acrobat 8.
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…