Adobe escape
12/29/2023

You can try a free trial of Acrobat Pro for one week. After that, Adobe's PDF editor costs $14.99 per month, or you can stick with the free Acrobat Reader, which only includes a few features such as highlighting. Paying for Acrobat Pro DC has many benefits, including a host of editing and exporting features and the security of the Adobe brand.

One of the patches included in Tuesday’s Adobe Flash Player update was a do-over after the researcher who privately reported the problem earlier this year discovered the original patch incompletely resolved the issue.

Dutch researcher Bjorn Ruytenberg disclosed details after Adobe updated the soon-to-be deprecated Flash Player on Tuesday to version 26. Flash Player 23, released close to a year ago, closed off a local sandbox escape, but Ruytenberg found the update failed to address the vulnerability locally if networking was enabled, or remotely.

Exploiting the vulnerability would allow an attacker to connect a compromised computer to an attacker’s remote Windows SMB server. An attack allows for the redirection of traffic to the remote SMB server and the interception of Windows credentials.

“The attack complexity is very low,” Ruytenberg told Threatpost.

The researcher pointed out that an attacker could use any number of typical infection vectors to infect victims’ machines, including hosting a site that serves a malicious Flash application, or by embedding a Flash file in an Office document. Attackers could also hit victims via email or Windows file sharing by enticing them to open a local HTML file that embeds the malicious Flash application.

“In this scenario, the Flash application would run in the ‘local-with-networking’ as opposed to the default ‘remote’ sandbox (but both sandboxes are vulnerable),” Ruytenberg said.

In Flash 23, Adobe updated its sandbox policies, improving input validation along the way, which should have prevented Flash from connecting to a remote server. Ruytenberg discovered that he could use a two-year-old Windows redirect-to-SMB vulnerability to again exploit the Flash bug. The attack works only on Internet Explorer and Firefox, Ruytenberg said; Chrome and Microsoft Edge are not affected, he said, preventing Flash from connecting to the SMB server.

Ruytenberg said in Flash 23, Adobe no longer allowed the software to load resources from an SMB server, rejecting UNC and File-style paths (any paths that are not prefixed with HTTP or HTTPS). Ruytenberg discovered that he could change the requested path after it had passed input validation by abusing the Redirect-to-SMB bug.

“By setting the HTTP Location header and an appropriate response code (e.g. 301, 302), this vulnerability can be used to redirect HTTP requests to a malicious SMB server,” he wrote in his report, adding that the vulnerability affects IE, Firefox and any third-party applications using them.

Specifically, Ruytenberg’s attack was able to abuse Flash’s cross-domain policy file which, he said, dictates when Flash is allowed to load resources from another domain. He discovered that the cross-domain policy is requested from the same host serving the attacker’s Flash application. Therefore, he built a new policy with lesser restrictions and was successful in forcing Flash to connect to the remote SMB server and capture incoming requests including the victim’s user credentials.

“The report I disclosed demonstrates this vulnerability was fixed improperly as the new sandbox policies can be circumvented,” Ruytenberg said. “This week’s patch should indeed fix the vulnerability.”

Adobe addressed the vulnerability, CVE-2017-3085, Tuesday, giving it a severity rating of important and calling it a security bypass vulnerability. It was one of two vulnerabilities addressed in Tuesday’s update.
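The bypass reported above comes down to a path that is validated once and then changed by an HTTP redirect. The following is an added example, not code from Adobe, the researcher or the original article, showing the same scheme check re-applied to every redirect target; the `fetch` callback, the `check_each_hop` switch and the `.example` hosts are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_HOPS = 5


def is_allowed(url):
    """Accept only absolute http(s) URLs; UNC and file-style paths
    carry no http(s) scheme, so they fail this check."""
    parts = urlsplit(url)
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def resolve(url, fetch, check_each_hop=True):
    """Follow redirects through fetch(url) -> (status, location).

    check_each_hop=False reproduces the validate-once pattern the article
    describes; True re-applies the same check to every Location target.
    Returns the final URL or raises ValueError.
    """
    if not is_allowed(url):
        raise ValueError(f"rejected initial URL: {url}")
    for _ in range(MAX_HOPS):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return url
        target = urljoin(url, location)  # resolve relative Location values
        if check_each_hop and not is_allowed(target):
            raise ValueError(f"rejected redirect target: {target}")
        url = target
    raise ValueError("too many redirects")


# Constructed redirect table standing in for a server (not real hosts).
SAMPLE = {
    "http://content.example/old": (301, "/new"),
    "http://content.example/new": (200, None),
    "http://content.example/res": (302, "file://fileserver.example/share/res"),
}


def sample_fetch(url):
    """Look up a constructed response; unknown URLs answer 200 with no redirect."""
    return SAMPLE.get(url, (200, None))
```

With `check_each_hop=False` the constructed `file://` target is returned as the final URL even though the initial URL passed validation, which is the gap the second patch had to close.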