Earlier this week, Adobe updated Flash Player, as an error allowed an attacker to use malicious Flash files to steal Windows credentials.
The security issue has the ID CVE-2017-3085 and affects versions of Flash Player from 23.0.0.162 to 26.0.0.137 running on Windows XP, Vista, 7, 8.x and 10.
Η vulnerability was discovered by Dutch security researcher Björn Ruytenberg and is a parachange one oldesty defect that has as an identifier the CVE-2016-4271, which Adobe updated in September of 2016.
Η Adobe ενημέρωσε αυτό το πρόβλημα με την έκδοση του Flash Player 23.0.0.162, εμποδίζοντας ουσιαστικά το Flash να πραγματοποιήσει οποιεσδήποτε εξερχόμενες συνδέσεις σε διευθύνσεις URL με UNC (Universal Naming Convention, e.g.:
file: /////10.0.0.1/some/file.txt
But a new bug discovered by the same researcher (Ruytenberg) relies on a clever trick that can bypass the new measures protectionof Adobe.
The researcher explains to one technical suspension on his blog that an attacker could comply with an Adobe ban with UNC addresses and file paths by uploading a Flash file requesting to a remote server via HTTP or HTTPS.
Ruytenberg reports that the attack works only when uploading malicious Flash files to Office (2010, 2013 and 2016), Firefox, or Internet Explorer. Chrome and Edge browsers are not affected by the attack.
Vulnerability was scored (CVSS) 4,3 on 10. However, the flaw is ideal for targeted attacks targeting specific companies or individuals, such as in financial or state government espionage campaigns.
