20,000 Web pages help exploit 'patched' Flash flaw

FSOwner

FS Owner
Nov 8, 2006
26,656
60
48
freesteam.net
A possible zero day exploit has been discovered for a flaw in Flash thought to have been patched by Adobe a month ago.

Symantec researchers claim the exploit has several different payloads, including one to steal passwords from systems with the vulnerable software. Affected versions of Adobe Flash Player include 9.0.124.0 (latest version) and 9.0.115.0.

Around 20,000 legitimate Web pages have been manipulated, likely via SQL-injection vulnerabilities, to redirect browsers to domains in China which host the exploit, according to Vincent Weafer, senior director of development for Symantec's Security Response team.

</img> View Full Article: ZDNet Australia