Zero-Day Flaw


Exploit Released for Adobe Illustrator Zero Day Flaw

Adobe’s security response team is scrambling to deal with the release of exploit code for what appears to be a critical zero-day flaw in the Adobe Illustrator CS4 software product.
The vulnerability is caused by an error in the parsing of Encapsulated PostScript (.eps) files and can be exploited to corrupt memory when a user opens a specially crafted .eps file. Successful exploitation allows execution of arbitrary code.

Microsoft Confirms IIS FTP Zero-Day Flaw

Microsoft late Tuesday confirmed the publication of exploit code for a serious code execution vulnerability in the File Transfer Protocol (FTP) Service in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0.
A security advisory from Redmond warned that the vulnerability could allow remote code execution on affected systems running the FTP service and connected to the Internet. Read the advisory [microsoft.com]. See workaround information on the SR&D blog [technet.com].


The current zero-day attacks against Adobe Flash Player are not quite zero-day after all. According to new information, Adobe’s security response team had known about the vulnerability since December 31, 2008 (see image below), but it was misdiagnosed as a “data loss corruption” issue.

When word of the attacks surfaced this week, Adobe quickly locked access to the bug ticket with a note that it was “reclassified as a security bug.”  Read the full story [zdnet.com]

From Viruslist.com (Alex Gostev)
Recently, vulnerabilities in Adobe products have come to pose a major threat, and the number of infections which they cause overtook those resulting from vulnerabilities in Windows or Internet Explorer long ago. The latest zero-day vulnerability was identified this week and grabbed the attention of AV researchers right away, with PDF files with a marked Chinese connection appearing in the wild.
One of these files was called “Cao Chang-Ching The CPP made eight mistang Urumuqi incident_mm.pdf”. The events of the past few days in the Chinese town of Urumqi, where local residents clashed with police, made the news around the world, so it’s no surprise to see this topic being used to spread malicious programs. [viruslist.com]

From Websense Security Labs
The recently publicized Zero-Day Vulnerability in Microsoft DirectShow is in the wild and spreads through infection of thousands of legitimate Web sites. The proof-of-concept of the vulnerability is out and exploitation is very easy to achieve. In our labs we have been tracking the spread of this new zero day—the first compromised domains mainly originating in China. Read the full story [Websense].

By Eric Schultze

Microsoft patched all Windows versions of PowerPoint today — addressing both a zero-day flaw [microsoft.com] and 13 other privately reported security vulnerabilities. The zero-day vulnerability enabled attackers to take over client machines if a user opened a malformed PowerPoint document or visited an evil website. The attacker would be able to execute code on the user’s machine with the same level of permissions afforded to the logged-on user. (If the user was logged on as an administrator, the evil code could execute as admin. If the user was logged on as a user-level account, then the evil code could only execute with user permissions and not admin permissions.)

Adobe has set a May 12 date for the delivery of patches to cover a critical zero-day vulnerability in its Adobe Reader 9.1 and Acrobat 9.1 software products.
An official security advisory from Adobe confirms the severity of the vulnerability and reiterates the advice for users to turn off JavaScript as a temporary measure to avoid code execution attacks.  However, customers have started to grumble that Adobe’s mitigation is difficult to implement and, even worse, useless in corporate environments.  Read the full story [zdnet.com]

Adobe’s security response team is scrambling to investigate public reports of a new zero-day vulnerability affecting users of its widely deployed PDF Reader software.
In a brief note posted to its PSIRT blog, Adobe confirmed it was investigating a code execution flaw, which affects Adobe Reader 9.1 and 8.1.4.

Adobe vs. Microsoft on Security Response – Fri, March 6, 2009

Ryan and Roel discuss the latest zero-day vulnerabilities (and attacks) affecting Adobe and Microsoft customers and compare the response from the two software vendors.
