RTFA: http://blogs.msdn.com/larryosterman/archive/2008/0…

Robert Hensing linked to a post by Thomas Ptacek over on the Matasano Chargen blog. Thomas (who is both a good hacker AND a good writer) has a writeup of a “game-over” vulnerability that was just published by Mark Dowd over at IBM’s ISS X-Force that affects Flash. For those that don’t speak hacker-speak, in this case, a “game-over” vulnerability is one that can be easily weaponized (his techniques appear to be reliable and can be combined to run an arbitrary payload). As an added bonus, because it’s a vulnerability in Flash, it allows the attacker to write a cross-browser, cross-platform exploit - this puppy works just fine in both IE and Firefox (and potentially in Safari and Opera).
This vulnerability doesn’t affect Windows directly, but it DOES show how a determined attacker can take what was previously thought to be an unexploitable failure (a null pointer dereference) and turn it into something that can be used to 0wn the machine.
Every one of the “except not quite” issues that Thomas writes about in the article represented a stumbling block that the attacker (who had no access to the source to Flash) had to overcome - there are about 4 of them, but the attacker managed to overcome all of them.
This is seriously scary stuff. People who have Flash installed should run, not walk, over to Adobe to pick up the update.

Seems there’s been a lot of discussion about this the last few days… and it’s not clear to me that a single SWF could be made to target multiple operating systems at a time… but it does look like a Windows target can be pwned through IE or Firefox, irrespective of the Flash build.
