There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer:
Today's article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the vulnerability. I won't attempt to replicate the post here, but it includes several interesting features. The latest news from Adobe is that a patch will be made available on 12th January.
This issue does confirm another point we've made several times: while we expect the bad guys to continue looking for and exploiting vulnerabilities in operating systems, application vulnerabilities tend to offer richer seams for exploitation nowadays. It's not Adobe's fault that its products are so regularly targeted, but the company's reluctance to commit to best patching practice is a real problem.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or @ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET