Trojan.Linxder and the Flash 0-day (CVE-2011-0609)

Version 1

    Trojan.Linxder and the Flash 0-day (CVE-2011-0609)

    Adobe recently reported the existence of a new zero day flaw in flash player which, according to them, can affect flash player 10.2.152.33 and earlier versions. Soon after, additional news broke out showing that this flaw had been used as part of limited targeted attacks. The initial attacks used a swf file embedded inside an MS excel file to lure users into clicking it. Once a user opens this excel file, the flash file embedded inside gets activated, exploiting this vulnerability. Bugix-security blog described the exploitation process in great detail here.

     

     

    Good writeup and analysis on Fireeye blogs :http://blog.fireeye.com/research/2011/03/who-is-exploiting-the-flash-0-day-cve-2 011-0609.html