In this section

• Home
• Security
• SophosLabs blog
• 2008
• 05

• Analyses
• SophosLabs
• SophosLabs blog
• Spyware and adware
• Top 10 malware
• Hoaxes
• Technical papers
• Email notification
• Best practice
• White papers
• Web seminars
• Podcasts
• Hot topics

29 May 2008 09:48 GMT

Adobe Flash SWF exploit causes a stir

Yesterday we received several queries regarding a new memory corruption vulnerability affecting Adobe Flash Player and malware that exploits this vulnerability via malicious SWF files.

We have received samples and can confirm that the threat is valid. Detection was issued yesterday for Sophos customers in the form of Troj/SWFexp-A, Troj/SWFexp-B and Troj/SWFexp-C. We have also issued generic detection in the form of Sus/SWFScene-A.

We do not consider this vulnerability to be significantly dangerous but advise users to ensure that they are running the latest version of Adobe Flash Player (currently 9.0.124.0), and remain vigilant when browsing the internet and particularly when viewing SWF content.

• Test which version of Adobe Flash you are running
• Download the latest version of Adobe Flash Player from Adobe’s website
• Read more about the Adobe Flash vulnerability

Coincidentally a second SWF issue was brought to our attention yesterday after SANS published an article on their blog page. This issue involves the hosting of malicious SWF files that attempt to download further malware.

We have been seeing SWF malware for some time and do not consider the issue to be a zero-day vulnerability. Some detections for threats of this type include Troj/SwfDL-A, Troj/SWFdldr-A and Troj/SWFdldr-B.

Cliff Wright

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot