Adobe issued its second bulletin in four weeks about a critical Flash vulnerability. This time, attackers are using a Word document with Flash embedded.
the second time in four weeks, Adobe warned users of a critical vulnerability
in its Flash Player that could potentially allow an attacker to take remote
control of the compromised system.
are exploiting the latest Flash Player bug by embedding malicious Flash files
within a Microsoft Word document that is emailed to users as an attachment,
Adobe said in a security
issued April 11. The company did not give any
indication as to when the bug will be patched, as it was "finalizing a
same vulnerability also exists in Adobe Reader and Acrobat, as they can both
read Flash content inserted in PDF files. However, Adobe said it was not aware
of any attacks via PDF targeting Adobe Reader and Acrobat currently in the
executed, the rogue Word document could cause the system to crash and allow
attackers to take control of the affected system, according to the advisory.
previously disclosed Flash
bug, patched March 21
, was very similar, except attackers used a rogue
Excel spreadsheet to hide its malicious Flash code. RSA
revealed on April 1 that cyber-criminals used the Excel
spreadsheet exploit to gain entry into RSA's network and steal information
related to the SecurID two-factor authentication technology.
the previous Flash bug, this latest one is neutralized in Adobe Reader X, which
utilizes a sandbox that prevents the exploit from executing.
will be fixing the issue on all affected software with the exception of Adobe
Reader X, in a practice Chester Wisniewski, senior security adviser at Sophos,
called "distasteful" on the NakedSecurity
great that the sandbox is working against some of these exploits, but it
suggests it is OK to consume malicious code because you have
'protection,'" Wisniewski said.
can revert to either Adobe Reader 8 or upgrade to Adobe Reader X. Reader X is
available only for Windows users.
instance of the malicious Word document seen in the wild is named
"Disentangling Industrial Policy and Competition Policy," which is sent to
targeted recipients as an attachment, according to Mila Parkour, the
independent security researcher who reported the latest flaw to Adobe. The
sample she saw claimed the document was a copy of the American Bar
Association's Antitrust Source newsletter, Parkour wrote on her Contagio
Malware Dump blog
email message's subject line is similar to the file name, and reads,
"Disentangling Industrial Policy and Competition in China," Parkour said. The
body of the message claims the article would be of interest to anyone wanting
to know about China's Anti-Monopoly Law.
that the most recent issue of Antitrust Source contains a legitimate article by
the same name, which is available on the newsletter's Website, it's likely that
people would fall for the ruse, especially if they were members of the legal
document has been used in targeted spear-phishing campaigns against select
organizations and individuals working with the U.S. government, according to
Brian Krebs on Krebs
Commtouch is the only major antivirus vendor whose security software correctly
detects the malicious Word document, according to VirusTotal, a service that
analyzes suspicious files and checks them against 42 major antivirus products.
vulnerability impacts Adobe Flash Player 10 on all operating systems and Adobe
Reader 9 and X for Windows and Macintosh, according to the advisory. It does
not affect Adobe Reader for Android, Unix or Adobe Reader/Acrobat 8.