CVE-2010-3654 exploit in the wild

Published: 2010-11-01
Last Updated: 2010-11-02 00:10:04 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
2 comment(s)

Remember the vulnerability we discussed in https://isc.sans.edu/diary.html?storyid=9835 It appears to be there is an exploit for CVE-2010-3654 in the wild. While Adobe publishes the security patches, consider mitigation measures published in APSA10-05 advisory.

More information at http://blog.fortinet.com/fuzz-my-life-flash-player-zero-day-vulnerability-cve-2010-3654/

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

2 comment(s)

Comments

Metasploit module for this:

http://www.metasploit.com/redmine/projects/framework/repository/revisions/10857
Well, this is the third deciding to stay with Version 8 has cut down on my workload. As long as they don't start hammering us through Flash...

Diary Archives