YA0D (Yet Another 0-Day) in Adobe Flash player
By secgeeks - Posted on July 23rd, 2009
245
vote
Well, it looks like the last two weeks have definitely been marked by multiple 0-day exploits actively used in the wild.
The last one exploits a vulnerability in Adobe Flash player (versions 9 and 10) as well as Adobe Reader and Acrobat 9.1.2. Besides being a 0-day there are some other interesting things about this exploit.
First, several AV companies reported that they detected this 0-day exploit in PDF files, so at first it looked like an Adobe Reader vulnerability. However, the vulnerable component is actually the Flash player or, better said, the code used by the Flash player which is obviously shared with Adobe Reader/Acrobat. This increases the number of vectors for this attack: the malicious Flash file can be embedded in PDF documents which will cause Adobe Reader to execute it OR it can be used to exploit the Flash player directly, making it a drive-by attack as well.
Bookmark/Search this post with:
That's due to being features-rich reader.
we should move to other readers.
/regards
YEHG Team
http://yehg.net
yeah,foxit is god alternative,but it also has some bugs..