New Adobe Flash player zero day vulnerability revealed

According to Parkour, whose Contagio malware dump security blog revealed another major zero-day vulnerability last month, successful exploitation of the flaw results in two files – nsunday.exe and nsunday.dll - being dropped and executed.

Adobe, she says, has been notified of the flaw, but has yet to respond.

Reporting on the flaw, the Softpedia newswire says that the flaw could be exploited in the wild to infect internet users with a trojan.

Softpedia's editor Lucian Constantin says that ThreatExpert reports the two dropped nsunday files as components of a Wisp trojan variant.

"Wisp is a relatively new trojan discovered back in March and is capable of stealing information, as well as downloading and executing malicious files", says Constantin.

Interestingly, Softpedia says it has run a VirusTotal scan of the executable, which returns the fact that 15 antivirus engines are detecting the code as malicious, mostly via generic signatures.

This suggests that around 60% of IT security apps cannot detect the malware, as VirusTotal is credited with running up to 43 IT security apps on its automated testing platform, Infosecurity notes.

As Constantin observes: "This is very bad news. If the new zero-day is confirmed - and there is a strong possibility that it will - people might be exposed to attacks for weeks."

"Even if Adobe quickly rolls out a patch for Flash Player, the vulnerability will remain exploitable through Adobe Reader, which has its own embedded Flash interpreter", he said.

The problem is made potentially worse, Constantin adds, because "Adobe Reader and Acrobat follow an uniform quarterly update cycle and the next update is a long time away, being scheduled for February 8, 2011."

"Until this is sorted out, it might be sensible for users to disable Flash support in Adobe Reader, especially if they don't need it. This can be done by renaming the "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" file."

What’s hot on Infosecurity Magazine?