By Steve Ragan Dec 31, 2006, 5:06 GMT
Macromedia Flash and Adobe Reader are both targets of exploits released today that are proven to cause Denial of Service attacks in Internet Explorer. Using the crafted code, users who click the false links will see their browser and shortly their computer lock up removing access to the system.
The Flash DoS attack works with a flaw that resides inside a faulty Active X control. This control, named Flash8b.OCX, is located on any Windows system with Flash, Flash Media, or Flash Player installed. Running this control, triggered in the malicious code, will cause the denial of service. There is no patch currently to prevent this; a simple solution is to disable Active X and never allow Active X to run if you do not know the source.
The Adobe Reader exploit, caused by malicious code triggering AcroPDF.dll and causing the denial of service to lock up Adobe Reader after tricking it into thinking it is opening a PDF file. For this exploit, there is currently no patch. Users should avoid opening random PDF links on unknown websites.
Both exploits require user action before the DoS is triggered. Because of this, there is only the hope of patches, and the use of extreme caution when dealing with Flash websites, and PDF files.
To get the latest security news form Adobe on both the Reader exploit and the Flash exploit visit their security website at: http://www.adobe.com/support/security/
Your Talkback on this Story