[juneau-lug] Flash 9.0.115 and 9.0.124 vuln

• From: James Zuelow <e5z8652@xxxxxxxxxx>
• To: juneau-lug@xxxxxxxxxxxxx
• Date: Wed, 28 May 2008 06:20:46 -0800

Starting yesterday there are reported vulnerabilities with the latest two 
versions of flash (and possibly earlier) that let an attacker execute code.

So far nobody is saying anything about operating systems, and the information 
at isc.sans.org shows the exploit downloading exe files which points to 
Windows.  However I don't see anything saying it won't work on Linux.  Could 
very well be that the testers were using Windows and the exploit detected 
this and attacked accordingly.

If you're paranoid, you might want to block *.swf at the firewall or proxy, or 
rename your flash plugins until more information comes in.

I know my kids LOVE flash gaming sites, which seems like it would be a natural 
vector for such stuff.  Kids are very likely to ignore odd things happening 
and just log back into a site if something goes awry while they're playing 
club penguin...

Anyhow.

James
------------------------------------
The Juneau Linux Users Group -- http://www.juneau-lug.org
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the 
word unsubscribe in the subject header.

• » [juneau-lug] Flash 9.0.115 and 9.0.124 vuln
• » [juneau-lug] Re: Flash 9.0.115 and 9.0.124 vuln

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription