According to security firm Websense, the home page of the CNET Clientside Developer Blog has been infected with malware.
The page contains malicious JavaScript code that attempts to run on the user's computer through an iframe. The malware exploits a known integer overflow vulnerability in Adobe Flash.
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.
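
The signed-comparison flaw described above, shown as an added illustration in C (not code from Flash Player or from Websense): a count read from untrusted input passes a signed bounds check when it is negative, while an unsigned check rejects it. The field layout, `MAX_SCENES`, `SCENE_ENTRY_SIZE` and the function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SCENES 1024u      /* assumed upper limit for this illustration */
#define SCENE_ENTRY_SIZE 16u  /* assumed size of one per-scene record */

/* Constructed sample fields, not taken from any real file. */
static const uint8_t FIELD_VALID[4]    = {0x03, 0x00, 0x00, 0x00}; /* 3 */
static const uint8_t FIELD_NEGATIVE[4] = {0xFF, 0xFF, 0xFF, 0xFF}; /* -1 as int32 */

/* Read a 32-bit little-endian field from untrusted input. */
static uint32_t read_u32_le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed check: the count is treated as signed, so any negative value
   satisfies "count <= limit" and is accepted as if it were in range. */
bool scene_count_ok_signed(const uint8_t *field) {
    int32_t count = (int32_t)read_u32_le(field);
    return count <= (int32_t)MAX_SCENES;
}

/* Hardened check: compare as unsigned so 0x80000000..0xFFFFFFFF are rejected.
   The bound also guarantees count * SCENE_ENTRY_SIZE cannot wrap. */
bool scene_table_size(const uint8_t *field, size_t *out_bytes) {
    uint32_t count = read_u32_le(field);
    if (count > MAX_SCENES)
        return false;
    *out_bytes = (size_t)count * SCENE_ENTRY_SIZE;
    return true;
}

int main(void) {
    size_t bytes = 0;
    printf("signed check accepts negative count: %d\n",
           scene_count_ok_signed(FIELD_NEGATIVE));
    printf("unsigned check accepts negative count: %d\n",
           scene_table_size(FIELD_NEGATIVE, &bytes));
    if (scene_table_size(FIELD_VALID, &bytes))
        printf("valid count needs %zu bytes\n", bytes);
    return 0;
}
```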

Following is a list of software affected by that malware:
- Adobe Flash Player 9.0.115.0 and previous
- Adobe Flex 3.0
- Adobe AIR 1.0
Users are advised to patch their systems as soon as possible.

