Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43440
  • Total Topics: 16532
  • Online today: 3066
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3050
Total: 3052









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Samker
« on: 31. October 2012., 21:24:37 »

...

We strongly suggest users update their Flash Players as soon as possible.

...

Thanks for the heads up pal. :thumbsup:
Posted by: Pez
« on: 31. October 2012., 16:03:39 »

A Quick Analysis of the Flash Player Opcode-Verifying Code Execution Vulnerability

On October 12, McAfee Labs learned of proof-of-concept code exploiting a newly patched Flash Player vulnerability. Adobe had patched this vulnerability in its latest security update on October 8. Our research team rapidly responded to this threat with an in-depth analysis of the root cause and the degree of exploitability.

This specific vulnerability occurred due to a coding fault in Adobe’s ActionScript virtual machine (a.k.a. The Tamarin Project). Specifically, it lies in the way that AVM2 verifies the opcode OP_inclocal or OP_declocal. A checking logic step was mistakenly disabled by a macro. As a result, a U30 parameter was used directly without a bounds check, which leads to various code execution situations.

We assess the threat, CVE-2012-5271, by the following:

•The root cause is quite simple. It’s in the core of the AVM (verification), so every platform’s Flash Player (such as the built-in Flash Player on Chrome and Windows 8 ) is affected.

•AVM is a scriptable virtual machine. Because the coding fault lies in its core verification process, attackers may have many opportunities to develop a working exploit.

We strongly suggest users update their Flash Players as soon as possible. For McAfee customers, a User Defined Signature was released late on Friday, Oct 12 to deliver our protections. The signature name is “UDS-HTTP: Adobe Flash Player ActionScript Opcode OP_inclocal and OP_declocal Verifying Code Execution Vulnerability.”

McAfee Labs will continue to monitor the threat of this vulnerability.
 

I’d like thank my colleagues Yichong Lin, Bing Sun, XiaoBo Chen, and Chong Xu for their collaboration on this analysis.

Orginal Article: Monday, October 15, 2012 at 8:42pm by Haifei Li

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023