Adobe announced that two security vulnerabilities (CVE-2013-5331 and CVE-2013-5332) present in Flash Player 11.9.900.152 had been addressed in the recently released update for the software. The company received reports that an exploit existed for CVE-2013-5331, but it has not released information about the flaw being actively leveraged, although some sources suggest so. An attacker exploiting the vulnerability could trick the user into opening a Microsoft Word document with malicious Flash (SWF) content inside. However, Adobe says that this type of attack can be foiled through the Click-to-Play for Office feature, implemented back in Flash Player 11.6 and designed to warn users of Microsoft Office versions without the Protected View feature that content may be harmful. Protected View was introduced in Office 2010 and kicks in when the document is considered to be from an unreliable source, limiting the privileges of the content in the file. In the case of Flash, content is prevented from executing by default.