Earlier this week, Adobe updated Flash Player to fix a bug that allowed an attacker to use malicious Flash files to steal Windows credentials.
The security issue has the ID CVE-2017-3085 and affects Flash Player versions 23.0.0.162 through 26.0.0.137 running on Windows XP, Vista, 7, 8.x and 10.
The vulnerability was discovered by Dutch security researcher Björn Ruytenberg and is a variant of an earlier flaw, CVE-2016-4271, which Adobe patched in September 2016.
Adobe fixed that earlier issue in Flash Player 23.0.0.162, effectively preventing Flash from making any outbound connections to UNC (Universal Naming Convention) paths, e.g.:
file://///10.0.0.1/some/file.txt
But the new bug found by the same researcher (Ruytenberg) relies on a clever trick that bypasses Adobe's new protection measure.
In a technical write-up on his blog, the researcher explains that an attacker can comply with Adobe's ban on UNC addresses and file paths by loading a Flash file that makes its request to a remote server via HTTP or HTTPS instead.
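The following is an added example, not Adobe's code and not from Ruytenberg's write-up: a small classifier of the kind a UNC ban needs, which recognises the common spellings of a remote UNC reference (the article's file://///host form, the four-slash and file://host forms, and the backslash form) and lets HTTP(S) requests through. The sample references are constructed; it illustrates that a ban keyed on the reference's scheme says nothing about where an outbound HTTP(S) request ultimately ends up.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# Backslash spelling of a UNC path: \\host\share\file
_UNC_BACKSLASH = re.compile(r"^\\\\([^\\/]+)[\\/]")


def unc_host(reference: str) -> Optional[str]:
    """Return the remote host a reference would resolve to as a UNC
    share, or None when the reference is not UNC-style."""
    ref = reference.strip()
    m = _UNC_BACKSLASH.match(ref)
    if m:
        return m.group(1)
    parsed = urlparse(ref)
    if parsed.scheme.lower() != "file":
        return None  # http, https, etc. are not UNC references
    # file://host/share: the host sits in the authority component
    if parsed.netloc and parsed.netloc.lower() != "localhost":
        return parsed.netloc
    # file:////host/share and file://///host/share: the Windows
    # extra-slash spellings leave the host as the first path segment
    if parsed.path.startswith("//"):
        first = parsed.path.lstrip("/").split("/", 1)[0]
        if first:
            return first
    return None  # file:///C:/... is a local path, not a share


def outbound_allowed(reference: str) -> bool:
    """A ban modelled on the one described above: refuse UNC references,
    permit everything else, including plain HTTP and HTTPS URLs."""
    return unc_host(reference) is None


# Constructed samples, keyed to the host each one should be flagged with
SAMPLES = {
    "file://///10.0.0.1/some/file.txt": "10.0.0.1",
    "file:////10.0.0.1/some/file.txt": "10.0.0.1",
    "file://10.0.0.1/some/file.txt": "10.0.0.1",
    r"\\10.0.0.1\some\file.txt": "10.0.0.1",
    "file:///C:/Users/Public/file.txt": None,
    "https://203.0.113.5/loader.swf": None,  # passes the ban
}

if __name__ == "__main__":
    for ref, host in SAMPLES.items():
        print(f"{ref:40} unc_host={unc_host(ref)!s:10} "
              f"allowed={outbound_allowed(ref)}")
```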
Ruytenberg reports that the attack only works when the malicious Flash file is loaded in Office (2010, 2013 and 2016), Firefox or Internet Explorer. The Chrome and Edge browsers are unaffected by the attack.
The vulnerability received a CVSS severity score of 4.3 out of 10. However, the flaw is well suited to targeted attacks against specific companies or individuals, such as financial or state espionage campaigns.